last executing test programs:

5m1.799913644s ago: executing program 0 (id=639):
write$USERIO_CMD_SET_PORT_TYPE(0xffffffffffffffff, &(0x7f0000000040)={0x1, 0x6}, 0x2)
openat$cdrom(0xffffff9c, &(0x7f0000000000), 0x80880, 0x0)
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x2002)
ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f0000000080)=0xfffffffb)
r1 = epoll_create(0x5769)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100))
write$evdev(r0, &(0x7f0000000040)=[{{}, 0x0, 0x2}], 0x37)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x0, 0xe}, {0x2, 0xb}, {0xffee, 0x6}}}, 0x24}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000)
socket$netlink(0x10, 0x3, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x240c00, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, 0x0)
r3 = socket$packet(0x11, 0xa, 0x300)
r4 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r4, &(0x7f0000001080)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_int(r4, 0x29, 0x3, &(0x7f0000004240)=0x40000006, 0x4)
recvmmsg(r4, &(0x7f0000000940), 0x86f, 0x2, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r4, 0x29, 0x36, &(0x7f0000000580)=ANY=[], 0x8)
setsockopt$inet6_int(r4, 0x29, 0x4, &(0x7f0000000000)=0x7f, 0x4)
sendto$inet6(r4, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000100)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x80000006}]}, 0x10)
sendmsg$NL80211_CMD_LEAVE_IBSS(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="00012abd7000fddbdf252c9e00000008000300", @ANYRES32=0x0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x8040)
r5 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000280)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESDEC], 0x0)
syz_usb_control_io$cdc_ncm(r5, 0x0, &(0x7f0000000b80)={0x44, &(0x7f0000000900)=ANY=[@ANYBLOB="0015b3"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r6 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
readv(r6, &(0x7f00000005c0), 0x0)
syz_usb_ep_write(r5, 0x81, 0x8, &(0x7f0000000080)="00012c615bc20000")
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000080)={'syzkaller1\x00', @broadcast})
write$tun(r2, &(0x7f00000010c0)=ANY=[@ANYBLOB="080008000400020000001400050045a00fc000680000030690780a010100e00000014e204e28", @ANYRES32=0x41424344, @ANYRESDEC=r0, @ANYBLOB="8110000190780008080a0000000e000000bb0000ff09eb92334ce7bdbce1cc8ea7c31c4233f717f38859083e7244d871b6582e4b77453efb5c862f933cb39161906e8b6c78ab07fe1b3fe07565e76f3049a8f11350ffa159ce18eb0ce3712cc785657be76b1587f708924c9feb2e292ab97040cca863de23b3b516cc537105bb0404f84119e4260762c50671dc5aab1358ab653fbfb4bbcd3b4664ec16d8f9ec7829cd1af4a5450585bb1de8f968728adf5dec1de9e1e4a8ababf331c67b6c63551249f96344f4f4656e7cd6bf657857a8af5d2df76f377033b968501e40ed92b801d6efaaa61bdc158a6194b1fd1d6380bb7300a70b1d36c1a76ca97d8aec866053ca0d0d4830f966f48a3461bc25fba4dec31acaa7571527df4164e4f6a96c48ac714f8a8e0a4cd14617b52de88f0bee1cffccc96655f4fc658b5a0510e050f6f40aa3d28453590c3af7a4460719f9106f81797c856d60ec8528cc0c9487e69aa50cea9f374fa68593421c48bae1999c875cb205cc55f3c991416ff38e4f093a4c86ad36f19d1b3578242eedcfafd2c931fd2868dc24d9892f790ed560f40a848dd0670f0f611a61640053a2641ddc8ea149145bc5669b176bf12f40d9e0664760a3e476a93a362dd7dfcc3fd9f8be8ee2cd7a0a5fe189031bacbc1ed8e7c15a2bae104b7650c38ed42128a21ad834bac63ed73159e680f90d41475f28567eef33b4c21860ea1cd7a3f56ca286f87608ed49b72d36a1e6b04e4e0ba9ba7f76bece6426a6cad503c8ab33f28772edee91ab52fa29ff4da3893fa0629d1084b2a87f00a468feed92e5fe5aef33ae040aeb89098033fa81bec4535683391297f750f184f06ccb58dfa50ae2d6c159a0208481450bf38bca83f26c50fffe1449895cb8c990aa1cc0dd4cd2d0b4b3cc0006626898fdf274ecfaa1650c61e17f303f41559d75d470da40196aa5dff545903db275a12166b1692f334c70e4c5cf2ca2410989b429e3bc6e2e630adc5d6a039ad7872c4b4754cceeec43a3323d4594fcc28623e65f3067444e098c8817c9eb3f6dc06b6ec407438c09f2c137009c06505d88e0337c765f6c3b16f53bb0d1b235dbdc509ea3fd0996c8cad5bce70eea4d8852e7adfc222b06552d250e70211228251bfb5b95dd3b09bc30fc52337505a6f0689bfca144db622dead3525fbb73056d1b7fa7b08535af3952a8d77a1f34655eb69616c963f4e8b34e88b8405e0e3cd5130c4f98c4e180bfe76ec6cd6ac5e8ccf5d1cf99fdd79bca0a227ee78d2037a55c8593f7ff10bd42d82cd6c4931df7fa6c0c6a8246cef83599095269fb7841aec2cf1afb41d1c7c54136b2737d2c2ae2be604058b657eec27669b99fa669c92a9ebc8e817ed6860070d2fe6bad743ee65d35633de56f026710729102ed175e2ec0af8cc2840af173c71862e90bd370cd3d277a7d2622a5f00946649c1d7894f2a69c3cf8e21276d72c4536149038f9967ec0c748de34376da7971495e0cd783056cdf20cddab2e2201ea43e657e36c54d42c47d1e6a1c9dede599e6c0baac06c2e3fcc5687c5d4706f32337ab639633822dd98089ba20c532fbe4a5e72963d53a86ec34d6a4aa536015a3272c0d4cc0a3a3ab2196ec7a92bf2daf638ba5957941ff0facfe6a161da6a6cbf8e6b40c8b6a601ee91e592f6bb9dc85f84c99e088004ed3f650404934c8b1d436500f3c83333b33be5532076d1a718f80c139db1ac28c953cc23394a5a137567cde82fc681f32e66aa415c2358d02486cb6cb4d6a77e5b27d729e0116773725410332c58b4cc3683fc9dc5235b19a60ea8794986e56e5e8e2ce65655f261ee0c33c8c0b99e7b5bc61fb55040d9e109a3a1182a0f81c2ca081b14cc207b11dad4592add90ff543d2d237421f938af8a010cd197502dbf42f14f1572aabc9f16593a735c07484d61bc43b5f300eb66abe2052cec153f89c1819512316ad728eca65949bf1f903a556ae67871a0d35b0fcb5485e8fae70695cf90547784da27450d6c3e6049bf2f1b923fab49cf4caebccc7a0171aee4364db173c795cc486475427fb92efdbf161ab7a35aecb8e1d5435ea2733cc8dc3f824b00c6d3e05e406de563d1fc6aa77ef76351a3be04557d915df5ed1fd52207872666bbff9ffb84a6e91ae863af42b3e9dd6da62115ab71c6db508875db1a83e631c4cd658a6492cb1a8bd4a42b4546afb74484d519cb5b1a8db29d91ea575a09dc45f63b51b0ace075511556116db625070d00000030eea2dcc171890c51afe0ffb22d6595c15112730ce041648d543abf1871bb62b40303b277b2084eaee4895a9e552bcb2d319cbf733d2682940050095fc9499f116e3c828727c2f0755e2c624891a794a1bd9ff52237f13ccf144e67b5311e556333c5b11816fecd78fffb72190480b93e7fe13682b465aad1c2cf564c16d3e8fb07aed4b415f781a52dda6822ed0023b93c07b61e7740470216f29cb9c770ffd33837a6a0bc2990899778c74af304996ec13c1fc935b6d67b23f5190bf8b1bb3cc4e42bb2b9f1e3b330f24fe172396da0c8b52cdb4351a80fcebfcc85e54436327d8ad72d288551540f9a7bda7ecf2f2c41c3e775e26313de86c1b41ea1199321d533abe105ebfd90c9defd30ce9c7ea7a342b310eeca3dd88732dd9d7751c0ae685fbaed556727d2ece266a66ec7adc3a20f377b386ca7c909aba90fef9605ac37d43dd89e4da8455f086c1d2ce9c5b0eb4296ac64b7c244b28b4fd66a8be0442cbeacc7ba871efb11069d7c28dcdaf5798d0025741e461adabb3f270d056b1fe961e6626fc9a533924364687e80aa10e8ae081d743487bcfa97c0e1938dd47fc9075c3b0772284d98e683f0314c4a261845a3e50106e9c0a529b77293c251472a8eb6213ae49b0cc9d569e0a0c4fa1fb10663e4e0b6b0f9cee796aace2a1b42e42758a0180c2ee89119bf9359c6a277a062eda92a932ccf4b72ec1f998224acbe9eb8d594b8861b65ac276f1d401418c7be4d9344b52eb07aa74ba352e347f06e7e923b86cae5c0beb9f7aa0201b6537a82ea8f9281ac6e82a327ea7b879209dd30c1d40c22c402d3e6f09f4b4146b28cac26532eafbb5f6a67f6f734601ab352c804083570087124b23d7d3bff4d31569fcb8c091f157336d11e0e388a91ddf82b05b22dc3cc2ba4355a9453d9329cbca9d52489f15da5849ba32eb11d91184c6a352fe064aae6e85de05288282f911ebf2a932d43413c9bff9cb50f86af7eecca5eb9e3ce7fe9bc1743bcf24d01d02961116a87e4b55ddc1f217fb488c002cd85bb79db625bded4360983abf1e4574a9a46cfe05f0e45da2dd28703599adbae4703aad3ba1cc44813bcdf2432f0e5e9dd67ee8c6b34a9107fb81f21d87dd8fdf270068528685ea3c989beddc08410a59b5ad68d2fd9b37f8b3fddef393433de51b01314e3d6bb08fd7ea5b9abb4d4ccc5a5a43820004ac3870491b8df621be5388e2c3e2c40843d6798c493b308bef505d9f2d2734990a30150b4cefcaeb590118d21f331f201569c778cd5e54e34ec30a73d1fd48cd5d64d444a2a58856a71fa8173713136bdaef1b9cf1776cd7d5be3179ae7a2a95d7138334add686c5b50ca87e41b4c3f5343387cc491e97c280becefd3d72ae959a4fb3e51c15d6dea3210c480342c1748a040879f005f98a8b0d6a32fad631f557694179d117f71ae5fa6d54d4208aca72c5d1e03d34e80b221522c04b1bc7bc1ee008550a1757a1b74a0fea1d22778fd7e7a5f58e41cf72edf60d751bc35223646397457e8f9036838fd3b72e2bc176acc3e1e99a392b1d496cbfbdaa641b2212ef41c1728dd587272849b3a5cbe3b66f7eaf622d2cdf72ada32ccd3e16dddba2c890beaa8dba3773c88415fbcb733084a9bac52b6844f28377ba01fa3a09f74a57d87f31468ee2c64ae05b35fe3d660bcc6ed908b710a1216974db0232d90a124a4e8ee30322a20455feb4d0bef13ce0fafb56f492a99c3fb1c57900330bf75246147b44f23c77554119f1d96a4558d8fff90922af4f9299407344d7292d29ce3446e39bd9277e513e6068394584a08b356e6a0c641108f6e89390290844548a6c8122d8a83cc6c7d7f0c10d330a537d832bc779ea245a37c850b85858885541da0f914e1a41ec5b49ad9b3b41814f66c50bd1f49cd514d027ecd1bd2f002f1989fc621f23d6d5f1b9976ce95c305fa34ebd3404919c3414fd97227a590684ce5af0a18fb4fa6f41d4a3951fb49cc8184b547e9aa2ceb4912975ecf8e956bb29389789b8ceab72e7ae88fb402795ba7712323409fc83cbaf10a523dd4602d9ae7c158a56fee8df04ba4c48cdd63b1ce09bc697ca138f01f261f51bdc05480b7cf5f64836bf8e029d4883d4bc2f53115129cee1d9a9e57b4a5fb4ebef2237a2bdad349baeab05e6b24167ba67ea94f808d9d1386b08b0fd3c92a80ed253db5bb40e6a0c308339c615af56e554ed0d78881228da41706acd8596c52e33abc8a4a3317847dd50b8d77b341063fb29dd02594a540fa737a4dcf9c57ca8717d36e8a8a84eecf9ebb7bb0f4d8cb0f247f982e4fb7a29a7072f08eb1479e278b1084f4faba3c75b6c33438e24e7b454f1e8ee7c64507ef34f37e8655f49cf6871e8012bbf80d2fe2ad9424464d0a408ca50037f1b1221c2d3dbe4dfa75c236f6b59b8a9c8e3a4b1ef73bae3f8d44affc10c72485dee42b73671867221778a6f9ba1ddd5715a6115845af2da8687e0e75f35cca527cb21a07bb2018a574a7e1eb626ad6939990038588cabc63aaafada2c88336f2c764d52cf5c3740371c79ed30f4b7325768c43b9daab5532b4778bdc380bc56bf656eaeea1f7987db28672850e46fce9c9d7dcc7df7b01e9f98ae98890491949c3a9af72cf35227fe88e79d1853ab46903dffd8ceb6060b5a2da5ee061db21e07124b510af4be93a2eda5c9469c73ef661e52d1d3ddf6d0dbd58715730485d26b731da17fb67b1bdedd400cdd472ab88c059e99452b932202fa8500e9b14ec63791857fc33fb97a21469dc318e9799d6b8d3155a9b9ddae7704457f9fbafd0756fcf8464e2398a88b2b4ea3f655cacd390f6df7b195b35b25c6873f0c53ba2939efe513e448ec1c406380ca4e0a6ef53cb183f05bfe99b003429aa5a4709dbf9b6da2fcbc243bcc6b6e8840ed0636af84b6dd3c3b9e50f19c7fda40185dd542f8ff32e7ca9fad274847238e05cf0db24cf7ac1e2cecbcb20bbfe4868b6245899d8e6717a1f9321fd38b87c0c02bb24ed937e9460d03a5a38fa8e0d222105c8527d898f889bbe298b368fff9b951d1b0780352ce8ad10a5dea883292d6cf149618406fc33ca1539da60a1922ee27b7b74aa3507e6a5731bf2c42c879e9efa0750c8bacc63e2225589eab7bf237c259f715248b61278e4ef6f6d238d5bc9bde650795243874b294f228597cf687df0aa8ab1e58548991a1bd903f70408cd4c23f2db7f2ad3f9a0b12a4e52f09270d8f79aa0cde1ffd268d50fcf47c5b2a41898a076e8467cc40de311c26a1f5ff5d1a6693402f927077083490b65e594d5f4e848dc76e03adb210826926ef65e1f63346ad6a14b732cd7a23bf393e72b3c264258d7ea827d03e671"], 0xfce)
mknodat(0xffffffffffffff9c, &(0x7f0000000200)='./file1/file4/file5\x00', 0x81c0, 0x0)
syz_open_dev$vcsa(&(0x7f0000000040), 0x4, 0x40000)

4m59.930016734s ago: executing program 0 (id=654):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
r3 = syz_io_uring_setup(0x487, &(0x7f00000000c0)={0x0, 0x9010, 0x100, 0x22, 0x165}, &(0x7f0000000000)=<r4=>0x0, &(0x7f0000000280))
io_uring_register$IORING_REGISTER_PBUF_RING(r3, 0x16, &(0x7f0000000140)={&(0x7f0000001000)={[{0x0, 0x5, 0x3, 0x700}]}, 0x1, 0x1}, 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000100000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c3000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r5}, 0xc)
openat$dlm_plock(0xffffff9c, 0x0, 0x4001, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r6 = syz_io_uring_setup(0x151, &(0x7f0000000140)={0x0, 0x8206, 0x400, 0x43, 0x26}, &(0x7f0000000340)=<r7=>0x0, &(0x7f0000000000)=<r8=>0x0)
r9 = landlock_create_ruleset(&(0x7f00000000c0)={0x501b, 0x2, 0x1}, 0x18, 0x0)
landlock_restrict_self(r9, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000040)=0xfffffffc, 0x0, 0x4)
r10 = landlock_create_ruleset(&(0x7f0000000080)={0x8000}, 0x18, 0x0)
landlock_restrict_self(r10, 0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000300)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x80})
io_uring_enter(r6, 0x3516, 0x0, 0x0, 0x0, 0xfffffdcf)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=ANY=[@ANYBLOB="440000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000150cbd0000000000000000010069706970000000001400428005000900000000000600120000000000"], 0x44}}, 0x4000010)

4m59.018193741s ago: executing program 0 (id=660):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000340)={0x400000100002f})
write$uinput_user_dev(r0, &(0x7f0000000380)={'syz0\x00', {0xff, 0x6, 0xd, 0x8d5}, 0x24, [0x10000, 0xeba, 0x7, 0xe6a, 0x8, 0x1, 0x5, 0x801, 0x54, 0x7fffdfff, 0x2, 0xc, 0x8, 0x9, 0xd, 0x3, 0x7, 0x40000, 0xa, 0x26, 0x2, 0x2, 0x3ff, 0xfffffff4, 0x1, 0xda6, 0x3, 0xa7, 0xeb36, 0x2, 0x9, 0x76c9, 0x200, 0x1, 0x1, 0x1, 0x7, 0x9, 0xf, 0xb, 0x9, 0x80000000, 0x9, 0xb50, 0x0, 0x800, 0xc, 0x0, 0x7, 0xfffffffe, 0x5, 0x8, 0x24, 0x7fff, 0x8, 0x1, 0x200, 0x0, 0x0, 0x7f, 0x964e, 0x2d5, 0x149, 0x200001], [0x66ac, 0xfffffff9, 0x4, 0x3, 0x8e, 0x7, 0x80000001, 0x9, 0x4, 0x2, 0x0, 0x7, 0x6, 0x8001, 0x9, 0x8, 0x2, 0x5, 0xb, 0x7ff, 0x7ff, 0x5, 0x9, 0xffffffff, 0x89, 0x7ff, 0x0, 0x2, 0x10000, 0x9, 0x6, 0xe8e00000, 0x10000, 0x8, 0x1, 0x7, 0x0, 0x4, 0x4c, 0x9, 0x8, 0x5, 0xe66, 0x8, 0x2, 0x5, 0x48, 0x7d, 0x6, 0xb, 0x4, 0x9, 0x1, 0x8d1, 0x100008fd, 0xfffffffa, 0xe0, 0x8e, 0x10001, 0x4, 0x401, 0xade, 0x7f, 0x9], [0x8396, 0x7, 0x10000, 0x9, 0x8000, 0x1, 0x9, 0xe, 0x8, 0x6, 0x0, 0x400, 0x1000, 0x9, 0x71, 0x8001, 0x7, 0x3, 0x6, 0x5, 0x3, 0xc9, 0x2, 0x3, 0x0, 0x2, 0x8001, 0xc, 0x5, 0xb0f, 0x1e, 0x3, 0x800, 0x80008, 0x9, 0x3, 0x200, 0xfffffff7, 0x4, 0xe, 0x464b, 0x6, 0x2e7, 0x7ff, 0x1ff, 0x6, 0x87ff, 0x2, 0x7fffffff, 0xffffffff, 0x4, 0xffff, 0xd5d, 0xa0c7880, 0xffffff4e, 0x9, 0x4, 0x40, 0x3, 0x0, 0x1fc1, 0x9, 0x1, 0x6], [0x10000010, 0x7, 0x9, 0x2, 0xa5e, 0xfe, 0xff, 0x3, 0x80000000, 0x0, 0xe, 0x2, 0x4, 0x7, 0x7, 0x0, 0xfffffffd, 0xfffffff8, 0xdaa, 0x4, 0x3, 0x103, 0x6, 0xcc, 0x6, 0x4000400, 0xffffffff, 0xfffffffb, 0x40, 0x80000000, 0x4, 0x7, 0xfff, 0x40, 0x9, 0x0, 0x9, 0x1, 0x0, 0x7, 0x8ac1, 0x3, 0xfffffffa, 0x80000002, 0x80000002, 0xff, 0x6, 0x3, 0xfffff801, 0xffefffff, 0x37d, 0xfffffff8, 0x5, 0x7, 0xd, 0x8, 0x6eaf, 0x0, 0x8, 0x5e02, 0x2, 0x3, 0x5, 0x400]}, 0x45c)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3)
ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 10)

4m58.894519636s ago: executing program 0 (id=661):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x1, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vxcan={{0xa}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
syz_emit_ethernet(0x103, &(0x7f0000000540)=ANY=[@ANYBLOB="000000000000aaaaaaaaaaaa88a84900810018008847000000000000000000000000000f0b00000f0f00000000000000050000000e0000000a00445800c900650000090190787f000001e00000014444a903e0000001000000046401010200000001ac141427000007e0ffffffff000000087f00000100000000e000000100000008ac14142f00000000ac1e000100d01c5599d9384ad418d531463a38f623000001071326ac1414aaac1414bbac1e01017f00000183237ee000000264010100ac1e01010a010100ffffffffe0000001ac1414bbac1414bb000004009078000000004ccc0000006600020f4ec800e00000027f000001070ceca4303f4b73cf78ec3d440844e07fffffff019404010000000004"], &(0x7f0000000180)={0x1, 0x1, [0xb75, 0x65a, 0x1, 0x5e3]})
r3 = socket(0x1, 0x803, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="3c0000001000030425bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="0005000000000000140012800900010076657468000000000400028008000a00", @ANYRES32=r4, @ANYBLOB="3932d7588fd0d98b00adb59ee6c30078fd665d512ae96460222d615a196e072cc0c06f9d93f7d8de21c54ee0d59cab3a42db215acf93daf29fabaa4fac9fcf1892e1c0c100af"], 0x3c}, 0x1, 0x0, 0x0, 0x20008800}, 0x8000)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r5 = open(&(0x7f0000000140)='./file0\x00', 0x800, 0x70)
mknodat$loop(r5, &(0x7f0000001600)='./file1\x00', 0x400, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00')
unlinkat(r5, &(0x7f0000000000)='./file1\x00', 0x0)
open(&(0x7f0000000200)='./bus\x00', 0x1612c2, 0x0)
r6 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r6)
getsockname$packet(r6, &(0x7f0000000680)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
pipe2$9p(&(0x7f00000001c0), 0x0)
r7 = openat$fuse(0xffffffffffffff9c, &(0x7f00000003c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r7, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r7, &(0x7f00000021c0)={0x2020, 0x0, <r8=>0x0}, 0x2020)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000200)={0x50, 0x0, r8, {0x7, 0x29, 0x20200}}, 0x50)

4m58.554448458s ago: executing program 0 (id=667):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x3, &(0x7f0000000300)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffeea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_tcp_SIOCATMARK(r3, 0x8905, &(0x7f0000000400)) (async)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) (async)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = creat(&(0x7f0000000040)='./file0\x00', 0x4b)
close(r4) (async)
r5 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000380)=[<r6=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f0000000300)={0x0, 0xfffffffffffffe7a, r6, <r7=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000000600)={r7, 0x0, 0x0, 0x0, 0x3, [<r8=>0x0, 0x0, 0x0, <r9=>0x0], [0x800000], [0x0, 0x1001000], [0x0, 0x0, 0xe8a6]})
ioctl$DRM_IOCTL_MODE_ADDFB2(r4, 0xc06864b8, &(0x7f00000001c0)={0x0, 0xae, 0x3ff, 0x34325241, 0x0, [r8, 0x0, 0x0, r9], [0x2b8]})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000280)={&(0x7f00000000c0)=[<r10=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_RMFB(r4, 0xc00464af, &(0x7f0000000480)=r10)
r11 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0)
openat(r11, &(0x7f00000000c0)='./file0\x00', 0x6a1c2, 0x5c) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r12=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000280), 0x90, 0x0) (async)
connect$unix(r12, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
syz_io_uring_setup(0x88d, &(0x7f0000000380)={0x0, 0x8936, 0x200, 0x2, 0xbfdffffc}, &(0x7f00000001c0)=<r13=>0x0, &(0x7f00000000c0))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r13, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)

4m58.289742271s ago: executing program 0 (id=668):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x3, &(0x7f0000000340))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26})
read$FUSE(0xffffffffffffffff, &(0x7f0000009780)={0x2020}, 0x2020)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='xfs\x00', 0x2208004, 0x0)
sched_getattr(0x0, &(0x7f00000000c0)={0x38}, 0x38, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$HCIINQUIRY(r3, 0x400448ca, 0x0)
ioctl$sock_bt_hci(r3, 0x400448c9, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10)
sendto$inet(0xffffffffffffffff, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x80000})
r4 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(0xffffffffffffffff, 0xa, 0x0, r5)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_FILES_UPDATE={0x14, 0x2c, 0x0, 0x0, 0xa78, &(0x7f00000004c0)=[r4, r4, r4], 0x3, 0x0, 0x0, {0x0, r5}})
r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000440)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x50, 0x2007, @fd_index=0x7, 0x40, 0x0, 0x0, 0x1, 0x1, {0x3, r6}})

4m58.250978098s ago: executing program 32 (id=668):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x3, &(0x7f0000000340))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26})
read$FUSE(0xffffffffffffffff, &(0x7f0000009780)={0x2020}, 0x2020)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='xfs\x00', 0x2208004, 0x0)
sched_getattr(0x0, &(0x7f00000000c0)={0x38}, 0x38, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$HCIINQUIRY(r3, 0x400448ca, 0x0)
ioctl$sock_bt_hci(r3, 0x400448c9, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10)
sendto$inet(0xffffffffffffffff, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x80000})
r4 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(0xffffffffffffffff, 0xa, 0x0, r5)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_FILES_UPDATE={0x14, 0x2c, 0x0, 0x0, 0xa78, &(0x7f00000004c0)=[r4, r4, r4], 0x3, 0x0, 0x0, {0x0, r5}})
r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000440)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x50, 0x2007, @fd_index=0x7, 0x40, 0x0, 0x0, 0x1, 0x1, {0x3, r6}})

3m24.679278379s ago: executing program 4 (id=1331):
mkdir(&(0x7f0000000400)='./file0\x00', 0x81)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000002c0)=ANY=[@ANYBLOB="01000000000000000a01000000000000000000000000000002d12d11c1e494ed7e66b5458ee2cda0874e07f01bc34a30856d2709d4638a32b7c8d652d460bf8d9ce838e7479bf03a780d9c624b95e6aa5b6a636d18af218b878a7ac0236d4f8d5fd8eb542d2544ba86912cb779f0a824e56cd132963720aca6d5b4abf6a112c505793bb2c94dabf9fd1ffac2044fa3d0d1074cc5897a2fcb07aa5159b6bd87eb81be5c0a03cab668216edbd4a203734cf7630fdd49e67a71cae24d1b4cf62277e16bd2a8e63648b34551c0b4054e9dbc01e95f8169bba3811bccc3f7b4d478c4"])
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_CAP_X2APIC_API(r4, 0x4068aea3, &(0x7f0000000080)={0x81, 0x0, 0x1})
ioctl$KVM_SET_LAPIC(r5, 0x4400ae8f, &(0x7f00000015c0)={"597aebb3200720801b0e6ba1c3c9395fa6939c9dfe61db731224a32e0e42a97ae54fa5934b3561c8b03878ea755360e1f5398d1ba0cabf6cf8281c713f1e24f6703e7b2139576f37f3343e77d5a7cc22391cd2cdcb81ce51eebfc55762fb866b1c78576c04646aa946b4bc5c06fd6e52e796c7e52630b4abf83a601b07f7178f50c4c9c50a210675d61beb4e28c375f45f347b81fc61fc31b0d3b2bca1ddda53e9f1999cc99ba47f5f6f0674748cc787ecf4cc36db31b276f8eb3f4c02c8fab94774fc2370e62ff40f62ba4d27133b1529efbfaea33f7e3c24b64c38b64c2002349c8a1e2d7e54509485ee73e24eb570aeeeba66d4d5f2ffe4b52bc0e341fd3772ac3e465da234d70e806555d345ac3b45dc1c229c8e127e1fe544b70bbad8f3b79e5c0562b10958531e17656b1ab6ef9c7352b709c2a19b3bdd33613c9ef2eeacafb51d090a45032a89ad46bd2859bce48ae4f90f977d83d39db160f6c075af0c77130e5429f8b5e31569d78aa49f670474a4430357acfe713640fdeed88971b78b69b1652bd6e1d6ef4c3d9eb2e32871efaa26bae28839c51799f881fbebd0dda92b58bff3429d89641d35c0d4818137038f7463ba658e8cfa8c504e9c0833d41ae483f2d64aa6ec60199e2eb121c90a8a4956b4121504a1913c2052b33500fc610ca396fd549df7462c2e6a7164c931fd9e52707f8ab4498bbad75109d28f421fb7a1d276e15a497a385c23189b33d4e02efb94670e07a03a4908b990a925542154c86694d84c65bac5a0e9e2f2e36b95aac26d64447ffd828f831380bc6eece3db2c18693d29b59760ed2ebabd7b9bf874126a7f08205c81a0df5ff169b236cf3d05002f1798913f3f75292f1f1c42a9151170309d0bda87447719341e85b7aa07f07965205c37ea21b5504eb97eab44a70a7b2597ce0af2608c5cc2a85366ec11e47e2a197c6e038f6f9f4d1d25edb077f6d98d44305c4ebc803047409dfa8e6f93d9ce63ab434957924dbdefefc99bff0bb4a68142e04c7c20954541728ed4505377ba88ec208ce064e3c8a7943577e20804932e0571a902cd0c45c54dbacb9968ed15fee9234fff2f631990bf840f5693d285ecd94688c63a251dd2e2a7d0049ee2c45c1e695b87711cf5a6d31414d0f708e5d0fc03b2f37bec0ae4267ff6b4d740c2b5d905ecf572d2c9f06b5da649af020b6921dfe057442e2cf12f28d93fd1b49f5716a0c2d773250c2caf8f52f2da9412ae377ed6f74a2f0123d6bb9fae78c37a88f029f1ecaf91d023bbf90a6110b21a015b3a6a4b5e54433c662e6162b114c128c158b8391eb5b57f8cdd4be5207bfbaded1a2063852f15fd2a9d00becc20d2432846c6254625d0af44119fd273ea85ccd4e18347456bd72ea67a334d65368a8858322d8a1bd2786eb36138fa0b3600f44d03ba84615fcf9985"})
mount$9p_virtio(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='trans=viUtio\a\x00\x00\x00\x00\x00\x00\x00v,\x00', @ANYRESDEC=0x0])

3m24.388617126s ago: executing program 4 (id=1333):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c0000000104010400000000000000000100000000000000010000009ec1bb4cb2cc5505b4cdfce5d4c7c2ab8e9245d4980fce5ab2abeb5b26c94f60953c893f0354ce7951c261a264885ed389d09b6cac759f451136409605161b8fd8cc4cd53234d38be976ae4b310a45926a3577534d989738226aaa2999ea17b66d258558e393fc8a6db51fb2cbc1e1001d11f8894008c68ca1857ef6aaf19dbb86334ccbb2e261cc9f986f0ac9d301a8808097e30c5b081809c741530225a806eb2429e501764863507a712465edd6aef8"], 0x1c}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r6=>0x0})
sendmsg$BATADV_CMD_GET_NEIGHBORS(r4, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="310300000000fbd2df250b00000008000300", @ANYRES32=r6, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x400c084}, 0x4000000)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26})
read$FUSE(0xffffffffffffffff, &(0x7f0000009780)={0x2020}, 0x2020)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='xfs\x00', 0x2208004, 0x0)
sched_getattr(0x0, &(0x7f00000000c0)={0x38}, 0x38, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$HCIINQUIRY(r7, 0x400448ca, 0x0)
ioctl$sock_bt_hci(r7, 0x400448c9, 0x0)
r8 = socket$inet_smc(0x2b, 0x1, 0x0)
sendto$inet(r8, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0)
unshare(0x40020000)

3m23.494335093s ago: executing program 4 (id=1341):
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r1 = syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
close(0x3)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc00c64b5, &(0x7f0000000240)={&(0x7f0000000080)=[0x0, 0x0], 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000000180)={0x0, <r2=>0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r3 = syz_open_dev$dri(&(0x7f00000008c0), 0x5c9, 0x500)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r4=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r3, 0xc06864a1, &(0x7f00000004c0)={0x0, 0x0, r4, <r5=>0x0})
ioctl$DRM_IOCTL_MODE_DIRTYFB(r3, 0xc01864b1, &(0x7f0000000100)={r5, 0x1, 0x7, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000000200)={0x0, r2, r5, 0x0, 0x0, 0x8, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x88c02)
syz_usb_disconnect(r1)
r6 = fcntl$dupfd(r0, 0x0, r0)
read$snapshot(r6, 0x0, 0xffffffbf)

3m20.356306128s ago: executing program 4 (id=1362):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'})
sendmsg$nl_route_sched(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000800)=@deltaction={0x8c, 0x31, 0x4, 0x70bd25, 0x25dfdbfc, {}, [@TCA_ACT_TAB={0x38, 0x1, [{0x10, 0xa, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'vlan\x00'}}, {0xc, 0x1e, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x8}}, {0xc, 0x1b, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x4}}, {0xc, 0x4, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xa9}}]}, @TCA_ACT_TAB={0x2c, 0x1, [{0xc, 0xc, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xd}}, {0x10, 0x2, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'sample\x00'}}, {0xc, 0x3, 0x0, 0x0, @TCA_ACT_KIND={0x7, 0x1, 'xt\x00'}}]}, @TCA_ACT_TAB={0x14, 0x1, [{0x10, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'sample\x00'}}]}]}, 0x8c}}, 0x404c000)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="740000001000010000000000fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB="adffa888f560020054003480140035006e6963766630000000000000000000001400350070696d36726567000000000000000000140035006970365f7674690e39bbc2dde643965f62617461647600"], 0x74}}, 0x2)
pipe(&(0x7f0000000d00)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write$binfmt_misc(r3, &(0x7f0000000240), 0xfffffecc)
r4 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0)
write$USERIO_CMD_SET_PORT_TYPE(r4, &(0x7f00000002c0)={0x1, 0x5}, 0x2)
write$USERIO_CMD_REGISTER(r4, &(0x7f00000000c0), 0x2)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000240), r2)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000340)={0x0, &(0x7f0000000340)})
r5 = gettid()
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x8, &(0x7f0000006680))
tkill(r5, 0x11)
sendmsg$IPVS_CMD_NEW_DEST(r2, &(0x7f0000000480)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000300)={&(0x7f00000008c0)=ANY=[@ANYBLOB="8c000000", @ANYRES16=0x0, @ANYRESHEX=r1], 0x8c}, 0x1, 0x0, 0x0, 0x30000010}, 0x4000004)
setsockopt$inet_sctp_SCTP_NODELAY(r3, 0x84, 0x3, &(0x7f0000000580)=0x7f, 0x4)
close_range(r4, r4, 0x0)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/timer_list\x00', 0x0, 0x0)
r7 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/tcp_dsack\x00', 0x1, 0x0)
sendfile(r7, r6, &(0x7f00000000c0)=0x8e, 0x180000504)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0)
r8 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r8, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000600)='./file0/../file0\x00', 0x260)
creat(&(0x7f00000004c0)='./file0\x00', 0x8)
ioctl$IOC_WATCH_QUEUE_SET_FILTER(r3, 0x5761, &(0x7f0000000700)=ANY=[@ANYBLOB="0500000000000000060000000f00000002000000010000003909000004000000050000000f0000004000000049060000040090000006000000ff01000003000000734a0000bb04000009000000060000000800000001010000050000000e00000002000000b05700000000010092000000ff0f00006ea90000000100000300000006000000150000000080000007000000e00000000100000056d20000960000000400000000000000080000000b000000faffffff07000000090000000800000000000000ca000000e40000000800000007000000080000000300000017aefffffdffffff"])
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000001e00)=ANY=[@ANYBLOB="02070e071702000026bd7000fddbdf2502001000000004d6000004d60000000002000b000d000000050000000000000002000a00000400002c0b0000000000000102180002040010cb1cf6a2d9d5f2c223a12a8f5815a7ce0511752e796ca161747e31b1fb2684c5986cb52a38d7b9771a7ddaa77c00f7473280a088660bf70d2559593c3231be9cf31f0b0e930b9c002452152e2980a0008457c6b3c4110931b820bab9d1a35e568e5996c3f57b95566e76ee0a9a865fced8d8b5d1d25f9b04762d99225d4f96e63cd4e719feeac7593bbf51e8c6745c4e098fce82877bf1c54c18b7d144db429e971b28c18394c55fcceb54a7c54100d3349671874cbad6fc673b4c1889a8028e71442d31bd179e75245c0ce341de956542ede8c309b38929bf00652f76cbd1d2940e5531d3c5ac421c44270e73efb898497528082b593a367c1c3df402ce40689daa852995fc5178aeda721451718c2c2f32c2648aa7b647443a97d4d28f8e5a566c876ac8ff43cde59da0dd4375a8f49747e4d01ffe1c561d5316fbcb7ab976dd07a80d103942a91d0ccbfa0d70f737ba0a39fb82df5df735e14b2179e52619f1994557fb650f11724db6c8980a2c58f9c3488c66c0ff6b3974051fc332b0d236788c2deca1a51b2d2596c29b3f8df74e2149b8aecd6c697f9f2c14936e2cf424e6fc66103d805546be2833bc407b57b0c571a35ad475ee29a6f87f87718a1417d32fed150359de5a211ab566fb332544d498249d2adbc41621dc4ee2b206a8eb614f1f76f6c37f44fcc909c6b57a6ec57a32a8b6cc3c0afbdf031492507f620b3394b2bdec704c747cb83701e7c67b0cfbccecc205f1d839c78c0f73d5629da575c3fa9cda66843ea0f27e6f30c71464fe3636292be346607ffccce18b0df2b17a458d2f48f7e29c700e8b3d9c80ff8905e27c0b3c14408db1a3205508c354b1ac13d075a281986070a33621b32b2a66c8bec49cc6838fa3ffb2ef1cd0c5c5aeed80641f3819e9141c8220bb79e353d601f239e3afca748761c9f35adb80165a30dcc34acd90bc95cd5595336fb04cea99c0771a6f38760078fad61b970ab14688661ef02be46417b09305e74063edcca5014cb007d00bf3447704fce26ffa2bed960f64831683680aa2c23e001038b9e3d79b68bb1098fccd0de40953118aed3cb53d7c2b09f54f87c9569224b3f87cbae16c94e9d888c09541e0037638e0a83db9e48a37294de51c086ba4d9174f85687e7784c59a67ea6e16be5042c4d66996d1fce26c48276d6ff2eb857ad4831abaa59ec865c414209072ddcca6392a84b39adece83ebeeb3a10315ad8137f6161537ba87bde7bc30354232c57b0a98b2d191bd076aab20308142279710670ca97e0d7f8076556cff0fe8fcda3156ebfce4112c7b8dcdd73f816f3aeb91968a4f56b2bb2142037107b6473abc4c604991429526862ce2862dc91005027490cdfad3ee271e5b64596a3673c5b6ba76dc79fa91a3f2cc35f5a2b5dfb792f3319043e49c647cce03b6b07d9d10ee3324f63520f4141bbd01cec12f8a4e606103d6fc919689b36a54b0edcf0f3be1a63c872769cfe4c67243f9a275fb3d1329bb0c78cddae4c04e4d4b2933febb724dc4789fa5df753a040a9630f335cb39bf073e08124c9e38ed67282b8201436be8850717cc77920f15d941cd57925aa368214526519f5ce4bf5c25b63fb177ea0f1edd6bda10d494ee41255c23b3b2638d906f96e907bae9ebb00ca02c4d24b3a4021986ee0b3dc77859f1dd0d9b26985a31e0f0de611c688fcd5a89e3a2c442aee647376226285ea3db63e2aaec68eee777c7124f0632ed0abc8586dfb82dd5c8393ebb7b380e5f37447875ec562e3e990e4ddd6c347552bc41bc576ca93992120a8bc120a8e6320d8a98840512d1809f7f0f90f6980f8454330147bb05a5e56a134a5f62b086b597ce6b6080d4f77b4493092c29b680ec967e363d1a7af71f8223e6fa0fdc3f67d7d2b655cbf63dbb82867e5c764047304a9c07643ed73f1e4a4af57bbd50c8c942e3b7aff4d893681ee102c1f9390b7be89d9ad60e3896d0db49ca83df362a930e0c4142bfaa5650025fa446ea5195992e552b9472e204f52863fa0668e5ea2631121e7c9218d39e87281dd32c8dd4a38b8d798250ea67ccd284b6938bbd2fa0547e81fb8cf94f467aa5fc5d6e1daee5455f0c9825ddb2e3f8802a99a30d0e9c992bec07c807503e3dd4e3bcc9fab884b5a444885ee8306095840a31ef98af021f94803ec6a694cb299d5ae174dbca29357f914ecb40ce1ee0e81051251c1f3b66db60cb58c1081975380d1d4d8acee219f038a2d4468bb1f2200d04bdcca84d218b20eb1dd10ceb501367cb9673590d6b8d8233f3dce570e079bb9e518b5c0532195e36ef8d38a022214686114704331ef2d186bf2fba3aa4a6086c91de007ebee2400fd24c4bbf8be8c1975dc3f779e1593675417a1ca3157bfe4a25608c99a4c5851fca3d1bc4fc666b0c52071ed88e593ea07dd683bb248f3fea4bbf9de97dcd5ad115aa8ecfee18aa0733e8a1eefd7934c0ad03e35e655711d76e42b19c276bbb304cd7403f74681713a15df6f94da6cb1954ecbaf541575bd2c806c131dda781522384818b917575e8920c013fd0791d64e08be843b171d4bd089c3a6d0599613c3b342eb695a8fb6058570929f8ec6140838597d053b4f488555cea0527926624f9038424bf40fd7a38331e658edde28c9556641ff5dcd487747da6669703118745c45c84eff009b136600fb1383460193c9472a2b36c80a93698fc9b018a53525bb6abfeceadd3322212ca96fcf51f5a8aca6ccee372e3d1749d2bce4b97af016b7e369f2a93d8758b6d91d736ab2ac4f7095c660ef2e2285d1bd160bb46093279113ea19c26513924563a868617a36909ab7b6a18b89b8a3e5e7caffb3ebbf36b0353e6be0a9dfb2803dce0f153ff2e1350cd68a26e6e80f98b84280c6b225e31288b421d5e2a88609da94dbe572ad13d8a51530f480901a5c2ad55bd5175a95d2fd263e8aecf43dab6827fcd11318619ed172736bf419e6d66f4a355e4f32948d3c4d4a53671bd830ee19fa96b1ac40d29641aa9c971ed13e8353ef90e1ca9332a218dbc50bd48633ea7dbe52952dcc814e23d6d00422fcd569b758c99ffb8db45aee8dbc18ace33057a158c3a2d2898e6689d1edcb190fecb5fec221de13d2b96b5bce24a3e7a45cdaa965bcdcaa2de50ef1618e5322900e872c3f094e21a512faa7e875579f36f614eef538ccdc862334ce248a592e31824d4f968c72776b6546b0752da50f94d35d75e0931b4fc6d88a76861bd55c35cb59d81a67772ca6b2e14cacf0d7bc187186313824a0c9f35b5e4afd25d497547fe86261a19283f7ccb5a3f6cba503de946b0aacef11222ac418e38baf9853d868c53a9ea88417d5e5a2c8c8f4ed3e2fb645f414921fe481603c8052b01093ac4443fbf472bbd3d498eb5f68f1eb204f9142705b71773fc351b6dd2fe910dc6e59dabac7446658e10f6ca78e668609a86d77f9362edda833e7216029dcf49df2a1d0aa1a8f25f262b1d0b27dd1c57eac41d31edc905a976938fb6ab99b7d1b2f7eb33429a6c5510673bd5df06229669891099abf851ae1eafc4d25deb08ffaf8c6bfd507aa6de297e0d321a901bd8b5f5e2bbd1ee8821b14022234e7935acc496790322f6b9331f7ba328d1fc3932e030ed8cd32dd13c69d3c89523bcb135d8dd58781f5a8b7c86b1735680d623966dcc82840d3ebe8331ebf73573f807448e9b65f6ace88ae57e2500274c4358f5ae41636c45fceab754ce2bc2cffafececd6e808c6bac6c803070a245e564568a69d76e92fe1671fcfac89ae2c43e991f57c6a66ae4562dc0d12c077f5681ced5e77c671c79bea6cd7f7b281e01372806cd007b7bd578551722560247bc380e8dcdee0bbdb40dc2b76c509037b4f14f096ad2f95b2afce6afdca0b41d73fb57ff34f09fc7196cec491e24497942df485164bf25862545f70989645dadad1e75d632b406818a8aa7ce7610e6ab50f742acd68154ceddeecfc54d48f5df0598b8aff292400f5ff0c15b11706aba40b62e6333c8a2b17d670feb8e997d471d7835a5a53a2c48ccab2754dfbafd569f266907ae91a07becd46534398657fe884e480192c472c300de9c865306cc698909981b5163dee413bc6fb42283e3f592dc75bf56e5d2940eb5b90bb5e554521842aeccd1675d95ad183eb178c622d94e7f8ed6089e775039d6694f6d12bb403950060b5b73d011070100242cd9a8b4ae4f0b0b023160bcc4f6779d2e261f0873bd424852122ecb04dfcb0000fb0586c6d2a454037ff9ff134270e3e4f80d871c04081de5d19c4b3c60d17a5a15efc15faa3fe3d83c3fb9e8131f7b47fc7a5f4a7d68550150bfa8297ce9cdfa931b0e896d4e2c70f4b24298e3984558ddfea178bc6a6aa7dec683a9cc46d1c34c4549c1634c98ec44614da9ce162e9a526bdb322577e53110387cc3728950d2ecec18e6bafe1ffc914c716a74f617755ba9a578befb0d970bc895b9b911bc02f62e9d65c33c784b3ff0b111e5f9d987eb1806b244124e9cae5df1ee9a323fbd283cd5283cd91b9853ec6ad36c9b709d70fc96d256c31d716e952439c3bce7756d3a07839246b54dbfe0150ef1b855f2589c78afac1dd87982becc693076a70dd06c056dc947ab20c0a42de176dcc5c89adec9c45ff2fb1aa9e9de554003410fec786409ead9ef9a4cee150ae32d50f68333f0f987b00de353b714323d2b42d14a433698590a35430d0e74b6ec33561d8acacf00d877b9fe6a50dd3f7f9275e50dfa719ccfbc9e5b47a5dfef961665f60cc588280ab5b15711ca8792a1d7a092f80018faa8fcaa9a3892c2076a41ff61b9983d102866d5a051602a5f3a3a43606a3aaf3e316ded9fd81a27867a15222d6cb16f5494267040eef06e1921d087720532357fe7eab889c8f72a9d15ee11f9ba7edbfb924388ad39cfd83f39a1d5f6f46f84e41a5755e1e4329502d64a0fed42d7c3111bae98192ba4f3d27da5dbd8d64e2e55246c73bd4c17cc81223c2c8d622284481b9619137d5552452028558ceb742c485336fb9a92fa22b5bf907053ca2cb2b50ff635636a5ef5170a075a2a9f38e1400592b23f440f7c0ba9db5968f153b6f4daa25d4772d8135481ed3451221191a2a42c7a38f869631faf62766df3951676a5eda170f793e23fc111707ae6ce253268ed8ded96cbb39bb21c1f9c0c574b9662fefefb5ae1bb3ff1383b937cc821aa5e54d7c95294f90df87f92205e0bb36ba89b15cb655cc4f3cd4cd86f73b572d3a12c12b4a23c993c304f6bdadde0655bf7cd1cc9c145ba9c2666c1fee5d36596fab23f1afaab3a4d355016309f9ae842df27ef60a97aec4f13924c061cdf3c864e94fad709ddb6d8cb562dc7f1dc0073687208221b3e0567b461fa55c9374bc021372e6d00e829bee190c5c5888146830c70a76a2fb633e671a605de8dd2b044fbc443f4437f6ce6d05ffab2c617e78e5edd0c35fd1079ad8251e929d4f6c0803b86c21dec9fba893047b6ce2fecd6f194a0472321d7bfa422f07162e6589e00509487ee5e0c9dc56d1207f3add7c8ace376d1e1a5abfdf1c6f4ee6ae043f0a4a198420b09ce98a8734756c65e4cc8f9211753411a30d3789f6d65a01ad0a8822847f65c71454b5a093243e535fbde7c885284247f2acf3b14d0e163dbf6da0d57a268545b844d25de26c77a9622e38dfdcf52917a250b748778b0816b4fd919b0ccc7c87bd000676436bfb8b78c33d1adbed5e8c777f7d7a953c932f9275ce85d20fbd11a45db1b55c55ab5d3a533de03aa0d00080000030000b686ba350c6661db61518c9cc5b80930809447b551e4cbf294dd6e983652e98cab37d001f56c0bfad29b594dca929beaaede4b4c583fdc17559a3f733ee5dab286d3a1435c352927903ad91d448c7e3492433c8f980daef685f7f24c5423a7cd010015004e22000000"], 0x10b8}}, 0x4044010)

3m19.458839184s ago: executing program 4 (id=1370):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1, 0x10, &(0x7f0000000040)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0400000800000085000000950000009500"/32], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f00000001c0)={0xa, 0x4e20, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0xb}, 0x1c)
r2 = socket$inet6(0xa, 0x2, 0x0)
mmap(&(0x7f0000b12000/0x2000)=nil, 0x2000, 0x2000003, 0x30, 0xffffffffffffffff, 0x3e1c5000)
r3 = userfaultfd(0x80001)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000140), 0xffffffffffffffff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=ANY=[@ANYBLOB="c7f6baf63b100f6d0109db255b048c0e5c453ebf1e6e6bad3bbb4e0d7b53f6281e33053702658b7523aba0ec3e9ce70c1faeccaf7e44250f46a2fd1d43fa902863db91e250fd302e5ca3e66c8dafecc022f337bf08df945240bbe80c8e8aad21db601f6a45024811ff0500e4335d53d6554df2416fe0f8a724cf19a09515b580d32245509074"], 0x50}, 0x1, 0x0, 0x0, 0x30040892}, 0x90)
r6 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000280)={'tunl0\x00', &(0x7f0000000180)={'syztnl0\x00', 0x0, 0x80, 0x8000, 0xcab, 0x12, {{0x8, 0x4, 0x1, 0x7, 0x20, 0x67, 0x0, 0x0, 0x2d, 0x0, @dev={0xac, 0x14, 0x14, 0x1a}, @remote, {[@ssrr={0x89, 0xb, 0x54, [@rand_addr=0x64010100, @empty]}]}}}}})
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000040)={0x0, 0x5}, 0x8)
sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000380)=[{0x0}], 0x1, 0x0, 0x0, 0x804c040}, 0x4000891)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000009000000030000004f0c000001000000", @ANYRES32=0x1, @ANYBLOB="000000000000000000ff000000ffffffffffff00", @ANYRES16=r3, @ANYRES32, @ANYRES32=r6], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000100), 0x6c7, r7}, 0x38)
setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000000)=0x400, 0x4)
bind$inet6(r2, &(0x7f0000000480)={0xa, 0xce20, 0x0, @dev={0xfe, 0x80, '\x00', 0x19}, 0x2}, 0x1c)

3m19.126787556s ago: executing program 4 (id=1373):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = syz_open_dev$video4linux(&(0x7f0000000000), 0xffffffff, 0x0)
ioctl$VIDIOC_QUERYMENU(r1, 0xc008561c, &(0x7f00000000c0)={0xf0f000, 0x2, @name="2a0bfa91762a67fc38beda01496988cd2bae0aa03dc5d7b06bef2d1e67d01e0c"})
ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000340)={0x400000100002f})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x24003b84, 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
ioctl$USBDEVFS_REAPURB(r3, 0x4008550c, 0x0)
r4 = socket(0x840000000002, 0x3, 0x6)
connect$inet(r4, &(0x7f0000000540)={0x2, 0x4e22, @remote}, 0x10)
sendmmsg$inet(r4, &(0x7f0000005240)=[{{0x0, 0x0, 0x0}, 0xfffffdef}], 0x300, 0x401eb94)
write$uinput_user_dev(r0, &(0x7f0000000380)={'syz0\x00', {0xff, 0x6, 0xd, 0x8d5}, 0x24, [0x10000, 0xeba, 0x7, 0xe6a, 0x8, 0x1, 0x5, 0x801, 0x54, 0x7fffdfff, 0x2, 0xb, 0x8, 0x9, 0xd, 0x3, 0x7, 0x40000, 0xa, 0x26, 0x2, 0x2, 0x3ff, 0xfffffff4, 0x1, 0xda6, 0x3, 0xa7, 0xeb36, 0x2, 0x9, 0x76c9, 0x200, 0x1, 0x1, 0x1, 0x7, 0x9, 0xf, 0xb, 0x9, 0x80000000, 0x9, 0xb50, 0x0, 0x800, 0xc, 0x0, 0x7, 0xfffffffe, 0x5, 0x8, 0x24, 0x7fff, 0x8, 0x1, 0x200, 0x0, 0x0, 0x7f, 0x964e, 0x2d5, 0x149, 0x200001], [0x66ac, 0xfffffff9, 0x4, 0x3, 0x8e, 0x7, 0x80000001, 0x9, 0x4, 0x2, 0x0, 0x7, 0x6, 0x8001, 0x9, 0x8, 0x2, 0x5, 0xb, 0x7ff, 0x7ff, 0x5, 0x9, 0xffffffff, 0x89, 0x7ff, 0x0, 0x2, 0x10000, 0x9, 0x6, 0xe8e00000, 0x10000, 0x8, 0x1, 0x7, 0x0, 0x4, 0x4c, 0x9, 0x8, 0x5, 0xe66, 0x8, 0x2, 0x5, 0x48, 0x7d, 0x6, 0xb, 0x4, 0x9, 0x1, 0x8d1, 0x100008fd, 0xfffffffa, 0xe0, 0x8e, 0x10001, 0x4, 0x401, 0xade, 0x7f, 0x9], [0x8396, 0x7, 0x10000, 0x9, 0x8000, 0x1, 0x9, 0xe, 0x8, 0x6, 0x0, 0x400, 0x1000, 0x9, 0x71, 0x8001, 0x7, 0x3, 0x6, 0x5, 0x3, 0xc9, 0x2, 0x3, 0x0, 0x2, 0x8001, 0xc, 0x5, 0xb0f, 0x1e, 0x3, 0x800, 0x80008, 0x9, 0x3, 0x200, 0xfffffff7, 0x4, 0xe, 0x464b, 0x6, 0x2e7, 0x7ff, 0x1ff, 0x6, 0x87ff, 0x2, 0x7fff, 0xffffffff, 0x4, 0xffff, 0xd5d, 0xa0c7880, 0xffffff4e, 0x9, 0x4, 0x40, 0x3, 0x0, 0x1fc1, 0x9, 0x1, 0x36], [0x10000010, 0x7, 0x9, 0x2, 0xa5e, 0xfe, 0xff, 0x3, 0x80000000, 0x0, 0xe, 0x2, 0x4, 0x7, 0x7, 0x0, 0xfffffffd, 0xfffffff8, 0xdaa, 0x4, 0x3, 0x103, 0x6, 0xcc, 0x6, 0x4000400, 0xffffffff, 0xfffffffb, 0x40, 0x80000000, 0x4, 0x7, 0xfff, 0x40, 0x9, 0x0, 0x9, 0x1, 0x0, 0x4000000, 0x8ac1, 0x3, 0xfffffffa, 0x80000002, 0x80000002, 0xff, 0x6, 0x3, 0xfffff801, 0xffefffff, 0x37d, 0xfffffff8, 0x5, 0x7, 0xd, 0x8, 0x6eaf, 0x0, 0x8, 0x5e02, 0x2, 0x3, 0x5, 0x400]}, 0x45c)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3)
ioctl$UI_DEV_CREATE(r0, 0x5501)
close_range(r0, 0xffffffffffffffff, 0x0)

3m19.065974631s ago: executing program 33 (id=1373):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = syz_open_dev$video4linux(&(0x7f0000000000), 0xffffffff, 0x0)
ioctl$VIDIOC_QUERYMENU(r1, 0xc008561c, &(0x7f00000000c0)={0xf0f000, 0x2, @name="2a0bfa91762a67fc38beda01496988cd2bae0aa03dc5d7b06bef2d1e67d01e0c"})
ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000340)={0x400000100002f})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x24003b84, 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
ioctl$USBDEVFS_REAPURB(r3, 0x4008550c, 0x0)
r4 = socket(0x840000000002, 0x3, 0x6)
connect$inet(r4, &(0x7f0000000540)={0x2, 0x4e22, @remote}, 0x10)
sendmmsg$inet(r4, &(0x7f0000005240)=[{{0x0, 0x0, 0x0}, 0xfffffdef}], 0x300, 0x401eb94)
write$uinput_user_dev(r0, &(0x7f0000000380)={'syz0\x00', {0xff, 0x6, 0xd, 0x8d5}, 0x24, [0x10000, 0xeba, 0x7, 0xe6a, 0x8, 0x1, 0x5, 0x801, 0x54, 0x7fffdfff, 0x2, 0xb, 0x8, 0x9, 0xd, 0x3, 0x7, 0x40000, 0xa, 0x26, 0x2, 0x2, 0x3ff, 0xfffffff4, 0x1, 0xda6, 0x3, 0xa7, 0xeb36, 0x2, 0x9, 0x76c9, 0x200, 0x1, 0x1, 0x1, 0x7, 0x9, 0xf, 0xb, 0x9, 0x80000000, 0x9, 0xb50, 0x0, 0x800, 0xc, 0x0, 0x7, 0xfffffffe, 0x5, 0x8, 0x24, 0x7fff, 0x8, 0x1, 0x200, 0x0, 0x0, 0x7f, 0x964e, 0x2d5, 0x149, 0x200001], [0x66ac, 0xfffffff9, 0x4, 0x3, 0x8e, 0x7, 0x80000001, 0x9, 0x4, 0x2, 0x0, 0x7, 0x6, 0x8001, 0x9, 0x8, 0x2, 0x5, 0xb, 0x7ff, 0x7ff, 0x5, 0x9, 0xffffffff, 0x89, 0x7ff, 0x0, 0x2, 0x10000, 0x9, 0x6, 0xe8e00000, 0x10000, 0x8, 0x1, 0x7, 0x0, 0x4, 0x4c, 0x9, 0x8, 0x5, 0xe66, 0x8, 0x2, 0x5, 0x48, 0x7d, 0x6, 0xb, 0x4, 0x9, 0x1, 0x8d1, 0x100008fd, 0xfffffffa, 0xe0, 0x8e, 0x10001, 0x4, 0x401, 0xade, 0x7f, 0x9], [0x8396, 0x7, 0x10000, 0x9, 0x8000, 0x1, 0x9, 0xe, 0x8, 0x6, 0x0, 0x400, 0x1000, 0x9, 0x71, 0x8001, 0x7, 0x3, 0x6, 0x5, 0x3, 0xc9, 0x2, 0x3, 0x0, 0x2, 0x8001, 0xc, 0x5, 0xb0f, 0x1e, 0x3, 0x800, 0x80008, 0x9, 0x3, 0x200, 0xfffffff7, 0x4, 0xe, 0x464b, 0x6, 0x2e7, 0x7ff, 0x1ff, 0x6, 0x87ff, 0x2, 0x7fff, 0xffffffff, 0x4, 0xffff, 0xd5d, 0xa0c7880, 0xffffff4e, 0x9, 0x4, 0x40, 0x3, 0x0, 0x1fc1, 0x9, 0x1, 0x36], [0x10000010, 0x7, 0x9, 0x2, 0xa5e, 0xfe, 0xff, 0x3, 0x80000000, 0x0, 0xe, 0x2, 0x4, 0x7, 0x7, 0x0, 0xfffffffd, 0xfffffff8, 0xdaa, 0x4, 0x3, 0x103, 0x6, 0xcc, 0x6, 0x4000400, 0xffffffff, 0xfffffffb, 0x40, 0x80000000, 0x4, 0x7, 0xfff, 0x40, 0x9, 0x0, 0x9, 0x1, 0x0, 0x4000000, 0x8ac1, 0x3, 0xfffffffa, 0x80000002, 0x80000002, 0xff, 0x6, 0x3, 0xfffff801, 0xffefffff, 0x37d, 0xfffffff8, 0x5, 0x7, 0xd, 0x8, 0x6eaf, 0x0, 0x8, 0x5e02, 0x2, 0x3, 0x5, 0x400]}, 0x45c)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3)
ioctl$UI_DEV_CREATE(r0, 0x5501)
close_range(r0, 0xffffffffffffffff, 0x0)

3.18885827s ago: executing program 3 (id=2731):
openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) (async)
socket(0x10, 0x80002, 0xfffffffe)
connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0) (async)
openat$cdrom(0xffffffffffffff9c, &(0x7f0000000240), 0x28180, 0x0) (async)
prlimit64(0x0, 0xe, 0x0, 0x0) (async)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, 0x0) (async)
syz_clone(0x2000211, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x7e00, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$evdev(&(0x7f0000000180), 0x1, 0x0) (async)
preadv2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) (async)
r1 = socket$packet(0x11, 0x3, 0x300) (async)
r2 = socket$nl_route(0x10, 0x3, 0x0) (async)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_rx_ring(r3, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x3}, 0x1c) (async)
r4 = socket(0x10, 0x803, 0x0) (async)
r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
write$uinput_user_dev(r5, &(0x7f0000000a80)={'syz1\x00', {0xfffd}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400], [0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x185], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x3cc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x88], [0x4, 0x4, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x4a9c, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2ec2, 0x0, 0x0, 0x4]}, 0x45c) (async)
ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x2) (async)
ioctl$UI_DEV_CREATE(r5, 0x5501)
write$uinput_user_dev(r5, &(0x7f0000000500)={'syz1\x00', {0xa, 0xe, 0x3, 0x10}, 0x4c, [0xffffffff, 0x140000, 0x9, 0x400, 0x2, 0x4, 0x9, 0x5, 0x4, 0x6, 0x5, 0x8, 0x7, 0x0, 0x8, 0x4, 0x4, 0xc, 0x0, 0x7e01, 0x42, 0xb, 0x9, 0x4, 0x1, 0x7, 0x28b, 0x3, 0x5, 0x5, 0x8, 0x4, 0x80000001, 0x7, 0x7, 0x4, 0x3, 0xf64c, 0x0, 0x4, 0x9, 0x8, 0x5, 0x19, 0xfffffffd, 0x0, 0x2, 0x2000, 0x0, 0x3, 0x7fffffff, 0x7fff, 0xb9d, 0xb9c, 0x3, 0x8, 0xfffffff8, 0x4, 0x4000005, 0x7a23, 0x2, 0x400, 0x85, 0x6e], [0x8000, 0x4, 0x6, 0x4, 0x3, 0x57bb, 0xd71a, 0xb, 0x12, 0x4, 0x8, 0x4, 0x5, 0x7, 0x4, 0x10001, 0x7, 0x1, 0x0, 0x0, 0xf, 0x9, 0xfffffff7, 0x0, 0x4, 0xbc4e, 0x9, 0x5, 0xddc6, 0x4, 0x7ff, 0x9c, 0xb8f, 0xc, 0xfffffbd6, 0x0, 0x9, 0xfffffff4, 0x5, 0x9, 0x0, 0x1, 0xfffffff7, 0x4, 0x5, 0x8, 0x2, 0x6, 0x7, 0x10000, 0x101, 0x5, 0xfee, 0x8, 0x6, 0xfffffff7, 0x4, 0x9, 0x5, 0x8, 0x4, 0x1, 0x3, 0x2], [0xffffffff, 0x3, 0x8, 0x7, 0x26a, 0x0, 0x10000, 0x9ae, 0x81, 0x1, 0x9, 0x0, 0x1, 0x6, 0xe83a, 0x1, 0x8, 0x0, 0x3, 0x2, 0x1000, 0xa, 0x1ea7, 0x3, 0x218, 0xe, 0x10, 0x0, 0x1, 0x1a0, 0x40, 0x6, 0xa, 0x5, 0xa, 0x7, 0x4, 0x80, 0x1, 0x2adb, 0xf, 0x7, 0x7, 0x9, 0xfffffff3, 0x5, 0x3, 0x7, 0x1000, 0xd, 0x1, 0x80000002, 0x3, 0x0, 0x3, 0x7ff, 0x8, 0xfffffffe, 0x9, 0x10000, 0x2, 0x4c, 0x1800, 0x2], [0x21, 0x1, 0x6, 0xcbdc, 0x7, 0xc, 0x3b0, 0xe, 0x8621, 0x3, 0x2, 0x4, 0x5, 0x9, 0xb, 0x400, 0x2, 0x7ff, 0x2, 0x400, 0x9, 0x1, 0x80000000, 0x1ff, 0xfffffffd, 0x7, 0xffff, 0x3, 0x40, 0x1, 0x6, 0x6, 0x2a, 0x6, 0x8, 0x10007, 0x2, 0xffff7aaf, 0x6, 0xf, 0x0, 0x0, 0x7, 0x10001, 0xdd17, 0x6, 0x7, 0xa9, 0x1, 0x4, 0x10, 0x8, 0x800, 0x4, 0x2, 0x3, 0x0, 0x0, 0xfffffff7, 0xa, 0x3, 0x5, 0x2, 0x9]}, 0x45c) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x810}, 0x20008001) (async)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r4, 0x89f0, &(0x7f0000000040)={'tunl0\x00', &(0x7f0000000540)={'syztnl2\x00', <r6=>0x0, 0x1, 0x740, 0x2, 0xfff, {{0x27, 0x4, 0x2, 0x32, 0x9c, 0x65, 0x0, 0x2, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local, {[@rr={0x7, 0xb, 0x54, [@remote, @initdev={0xac, 0x1e, 0x1, 0x0}]}, @ssrr={0x89, 0x13, 0xdd, [@private=0x1, @local, @local, @dev={0xac, 0x14, 0x14, 0x40}]}, @lsrr={0x83, 0x1b, 0x45, [@remote, @dev={0xac, 0x14, 0x14, 0xf}, @dev={0xac, 0x14, 0x14, 0x42}, @broadcast, @empty, @dev={0xac, 0x14, 0x14, 0x16}]}, @end, @timestamp_prespec={0x44, 0x3c, 0xb8, 0x3, 0x6, [{@empty, 0xf}, {@private=0xa010101, 0x295}, {@multicast1, 0x3}, {@broadcast, 0x41}, {@dev={0xac, 0x14, 0x14, 0x2b}, 0xf0}, {@rand_addr=0x64010101, 0x7ff}, {@loopback, 0xfffffff7}]}, @ra={0x94, 0x4}, @end, @generic={0xd7, 0xc, "9622fc4aa408f992262d"}]}}}}})
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000240)=ANY=[@ANYBLOB="380000001000000300"/20, @ANYRES32=r6, @ANYBLOB="01980600400100001800128008000100677265000c00028008000700d5fd1400"], 0x38}, 0x1, 0x0, 0x0, 0x20040000}, 0x0) (async)
sendto$packet(r1, &(0x7f00000003c0)="766101c9fa3b7031489b3186833f9810c24b7d64b4d01dd8ca8a13e45794d995cbe973ddf478fe6b793ff7ebd44b3f020fa57bd5a56c499504c26ee53377fd818871277241ca4a99a1c92678a3b146ccec89e03d8144b73958be070ca901d26814f6a53cf76220f96490d2b3a6b656c6d1f68d67783fa75b35ce093b7d76c5", 0x7f, 0x40001, &(0x7f0000000100)={0x11, 0x5, 0x0, 0x1, 0x1, 0x6, @multicast}, 0x14) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)

1.990956806s ago: executing program 3 (id=2740):
creat(&(0x7f00000001c0)='./file0\x00', 0x8)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_GET_COALESCE(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x14}}, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x8f)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000006000000005dcc0300", @ANYRES32=r1, @ANYBLOB="71e79fd800000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=@newtfilter={0x64, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x74, r1, {0xffe0}, {}, {0xa, 0x1}}, [@filter_kind_options=@f_flower={{0xb}, {0x34, 0x2, [@TCA_FLOWER_KEY_SCTP_SRC_MASK={0x6}, @TCA_FLOWER_KEY_ARP_SHA_MASK={0xa, 0x40, [0xff, 0xff, 0x0, 0xff, 0x0, 0xff]}, @TCA_FLOWER_KEY_IP_TTL_MASK={0x5}, @TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK={0x14, 0x20, [0xffffff00, 0xffffffff, 0xff, 0xff000000]}]}}]}, 0x64}, 0x1, 0xf0ffffffffffff, 0x0, 0x4004140}, 0x10)
r3 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r3, 0x10f, 0x87, 0x0, 0x0)
mount$9p_virtio(&(0x7f00000000c0), &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x2, &(0x7f0000000300)=ANY=[@ANYBLOB="7472616e7354766972c8ed7138ef38736b6f6e3d3970323030302c009bf982fa289dc134ff2f01778810dbc515a12a3a3883ed67c4af8b2f2936b85c175822f79de0339ff2f3e6d8203aa8030b3764e472b2c4fe4368d13a8c228d2e575d4ab71b087043474bdd1ae755e075b7f35602fa1dad2195a2720a61425d6c0d0fe3439e30e2e1e1f77dc86e1130b1e3"])
clock_gettime(0x0, &(0x7f0000000000))
clock_gettime(0x0, &(0x7f0000000040))
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e78, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0x7c}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x40000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f00000003c0)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
vmsplice(r6, 0x0, 0x0, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
removexattr(0x0, &(0x7f0000000280)=@known='trusted.overlay.impure\x00')

1.934441325s ago: executing program 2 (id=2742):
socket$nl_route(0x10, 0x3, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x50313134, 0x0, 0xa, [{}, {0x10}, {}, {}, {0x6}]}})
socket(0x2c, 0x803, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00'}, 0x10)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
splice(r2, 0x0, r3, 0x0, 0x7, 0x9)
write$P9_RWRITE(r3, &(0x7f0000000040)={0xb}, 0x11000)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = add_key$keyring(&(0x7f0000000440), &(0x7f0000000480)={'syz', 0x2}, 0x0, 0x0, 0x0)
add_key(&(0x7f0000000340)='dns_resolver\x00', &(0x7f0000000540)={'syz', 0x1}, 0x0, 0x0, r4)

1.86878138s ago: executing program 5 (id=2743):
socket(0x2, 0x2, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0x1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid() (async)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socket(0x10, 0x3, 0x0) (async)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000001b00)=@newqdisc={0x78, 0x24, 0xd0d, 0x0, 0x25dfdbff, {0x60, 0x0, 0x0, r3, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x4, 0x1}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x7fffffff, 0x14, 0xfcc, 0xca1b, 0x9}, 0x81, 0x0, 0xc8c3, 0x40, 0x4, 0x1c, 0x6, 0x8, 0x9, 0x1, {0xfffffff5, 0x4, 0xad8, 0x7, 0x4, 0x4}}}}]}, 0x78}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x16, 0x0, 0x2, 0x8000, 0x810, 0xffffffffffffffff, 0x200}, 0x50)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0) (async)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0)
write$cgroup_int(r6, 0x0, 0x0) (async)
write$cgroup_int(r6, 0x0, 0x0)
dup(0xffffffffffffffff)
r7 = openat$vim2m(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$vim2m_VIDIOC_TRY_FMT(r7, 0xc0cc5640, &(0x7f0000000040)={0x1, @vbi={0x7, 0x4, 0x2, 0x30385056, [0x8001, 0x5], [0x1, 0x4], 0x1}}) (async)
ioctl$vim2m_VIDIOC_TRY_FMT(r7, 0xc0cc5640, &(0x7f0000000040)={0x1, @vbi={0x7, 0x4, 0x2, 0x30385056, [0x8001, 0x5], [0x1, 0x4], 0x1}})
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r8, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c)
bind$inet6(r8, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r9 = memfd_create(&(0x7f0000000680)='\x103q}2\x9a\xce\xaf^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99\x18\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1f\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\tRJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd99C\x9fF\x9c[M=\xa0^\xa8\xed)\xe8Z\xe8\x9b&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xc9\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8ZmH\x98\xaeb\xa5B5)\x80m\xff\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6\x05\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa\x19\x06U)j!\x91\'\x98\xd2kFN\xfa\x80)O\xb9(!n\x9d\x13\x15\xf1\x1a\xb8y\x14l\xd1', 0x7)
ioctl$FS_IOC_RESVSP(r9, 0x402c5828, &(0x7f00000000c0)={0x0, 0x0, 0x1, 0x762})

1.725535857s ago: executing program 5 (id=2745):
mkdir(&(0x7f0000000300)='./bus\x00', 0x0) (async)
clock_getres(0xfffffffffffffffb, 0x0) (async)
mount(&(0x7f0000000000)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000100)='exfat\x00', 0x8080, &(0x7f00000001c0)='discard')

1.439827077s ago: executing program 5 (id=2749):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000300), r0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8101, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_GET_MSRS_cpu(r4, 0xc008ae88, &(0x7f0000000180)={0x1, 0x0, [{0x40000006, 0x0, 0x6}]})
sendmsg$NET_DM_CMD_START(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000540)={0x14, r1, 0x1}, 0x14}}, 0x0)

1.392767254s ago: executing program 1 (id=2750):
r0 = socket(0x10, 0x80002, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket$inet(0x2, 0x3, 0x2)
openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
r3 = syz_io_uring_setup(0x24fa, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x2000000, 0x132}, &(0x7f0000000100)=<r4=>0x0, &(0x7f0000002300)=<r5=>0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x8, 0x0, 0x0, 0x0, {0x3}})
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r6, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e"], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r6, 0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x10, 0x2007, @fd, 0x8, 0x0, 0x0, 0x2})
io_uring_enter(r3, 0x2d3e, 0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r7 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x10000}}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd24, 0x25dfdbff, {0x0, 0x0, 0x0, r8, {0xb, 0x9}, {}, {0xfff2, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x20, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x4}]}}, @TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x1}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)

1.388822428s ago: executing program 5 (id=2751):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
sendmmsg(r0, &(0x7f00000015c0)=[{{0x0, 0x0, &(0x7f0000001580)=[{&(0x7f00000004c0)="8df75068d8fcd2936c944e47a50ecaa9f0d66b26128dd1561ecae2aa3d81c1e1af60bc04af369f834bfae1a92d768590f3d79de4a21c65093ed92db89507c8a4d685aaf20c15e1c3ff26f7e06e05da979d735981f9b465d3af9c5cd3293d154bc7ae67126e0e6ddf10a181907cc83cb6994220fa68aa956d821e75fb54548468812d1974d9e277d0fe350dd299b9264dfbaf3bd557b5423b29dde1e8d935bd892f31eddf178396c2d1ecedeafb007b5a", 0xb0}, {&(0x7f00000003c0)="27fc5829e434e482d923fdd552b3fee1fc7f063a086e6096184e91829c00e8aa41b2edc17a3d0656ce7653c7c7a2de3a07f15173ff0c683016afeaadaae4dfb3a27dd9df9993289ab469647e3551257283199af129e626dadcddec8dc82f14ba060f04f1", 0x64}, {0x0}], 0x3, &(0x7f0000001640)=[{0x28, 0x108, 0x2, "5c366db1289df9da107516abb0ff0cc734b359069d143b1e239f"}, {0x40, 0x119, 0x6, "4967e44577dfd20dd12db4321ec9e1d3f7c9b374812dac920ca659fc14fb02d8e4e620203bbc10253bf7526f11706f36a4f4cf"}, {0xcc, 0x11, 0x80, "ec5cb0ef703e6fc4165777fbe050d2ad462521d71dc07d73e4c3c6366afb73dc046e0a0739647eb12be16cc4ed6ba1110b04730a93db11435aa96a1c39499b968e977e8b9bd09674912af693c3749b0e2dcddf44166664d39f8344b38d55d45961d367c91093d1923be1354b8ae60cd08bd5d6ecff2208ef3b4e22b750c90a312a54adbd16d89f12d622315820712243f1573336711782fbfe39d38cefbf516e9e76219509f16b8d4d2e4412fd2588849201def336693faf3b42d5aa72"}, {0xa0, 0x9b, 0x2, "8d9917f269c05369578e9f33acc7eb2d25140addc90de1a6b536f88604bce77d22550ee99150d6fd2d269352733ca19f95c1a5c7c17ccc839ba3f19435e3bef5ba72f29105b70cd94a8aec5b6174f1b4800cace9592f3b5ab0e0e21d24baf749acdc0f6c3133a9161cc8916b72bb004357d645bcbfd65abd5fc7eef731994505f10586fae0246e3a99ae9dd534b1d0ce00"}, {0x2c, 0x88, 0x9, "05cae0cb71325ad11146650258e5e90046bef44aaa5dd2c9ee6ad37203"}, {0x20, 0x103, 0x80, "687933b3da4277b3aa616033fae21f7c6e27"}, {0x38, 0x108, 0x20400, "c88898ec396ad703fb721825f4fb28f67ca191be622e9c32408a08978e805af78728a2a4fcf9c584362ebc"}, {0x14, 0x10d, 0x1ca, "6606bcb62a4d"}, {0x94, 0x108, 0x3, "a58cf421cc78ebc2b155b75417ead811286012fb7b76ff666397f0148353c688ce6b805b77377e6707cdedc97c0f84ce40505b966cf107591b0c665a1d4c451126035ad530a796b82013c08e6a9332186fc6cafccf8b054ea9942555c3b3cc1f02fb8cfa17228198fae83aca74babfcc5ac85ffbcc5749e637a4b9dcd46bdc15ba709633f72d5b"}], 0x300}}], 0x1, 0x50)

1.335530738s ago: executing program 1 (id=2752):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xe}}, 0x10)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/4\x00')
write$binfmt_script(r1, &(0x7f0000000e00)={'#! ', './file0', [{0x20, '\x1a\xed\x9f\x97\xcb\x15\xcb\xf9u\x15\x91qsA\xd4i?\x0e\xfa\xde\x9a;d2k\t\xbd\x9e\x86\xe0\xb8sc\xb4G\xfe`\xd2\xf8{=)\x19<\xefQ\xf2\xa2\xa8\x9el\xf5\xf4X\x86M\xad\xeaoucm%\xdc->\xedX>'}, {0x20, 'fdinfo/4\x00'}, {0x20, ',w\xcf\x02\xc6g\xf5>hf\x85\x11+\\\x06!/,/^.+\xd5'}, {}, {0x20, '\x00\x00\x00\x00\x00\x00\x00\x00\x00$\n\xbb\x8c9B\xcdL\x87\xe2\xb9Z\v/\x05gO)\x91g\xa7\xfb\xbd\x13\xc0\x97\xc8\xa0\xa8\bU\\\x8a\x87\x1dM\xe5\x11\xf3\xe8\x96\fV^\xb1\xa5{\x9a\x1eP7\x8f\xfc\xe4o\x7f\xe8\xf8b=L\xd9\xac\xef\x0e\x17\xa4\x01\v\xe1Cp\x1c\xa13\xbb=\xc6D\x91\xfe\x1a\x81\xd1!\xbf\x93\x88\x83\x1b\x96-\x9e\xce\xa4,\xc2\xb2\x11\xf3\x01\xcd\xbd\x92\xd9\x9f\xb5\x89f\xa2\x81\xd52|/;\xc6\xbf\x0eI\xa9\xe4\xb6\xf7rB\xfb\v\xd60\x1f\xdc\n\xb8\x1e\xc2v~\x96\xc1\xa9\x04; _\x10\xf87f3T\xd2\x96e\xf1\xffq\x9fV\xcf\xef>\x9c\xcf^\xfb<\xde\x11\x19\xbc\x8eP\xb4\x83\xc8C\x0e\xc2\x14\xfa\xeb\\\x91\x00[(\x19\x1e\xbfo0\x96aRqu\t\x0fm\xa3\x1e\x9d\xceY\xe2EC5\\j@\x98\x9bA\x05\xa1\x15(\x86\x9f\xf7\x9d\xef\xb9\x05\xe7 \xf8$\xfec.l:\xefE\x1e\xb8\xcb\xcb\x17\xa4\x9d\x8e\xc9\xfeQ\x81\x12\xf9\xd1\x92X\x01*C\x9b\x85(\x91\xd3\x81\xa0\xbf\xb9\xde\xc5\xe9G\xf9\x1c\xc1\xf7\xf3\x06\xea\xcc\xa7\x18\xc7\xc8#Y\x9e:\"\x84R1.\x17\xb28\xca\x9b\xbd\xeb\x1e:1\xc9\xa0\xf1\x82\v\x16*I\by&\x93\x14\x10D\x96\xb8}=z\nc\xcf9\xca{#J\x93\x9b\xd5)\xc9\xef5\xb1q\x17\\z\xd8\x82\xe6\xd6\x8fQ\xd9G\\\x04\x95\xe4\xb8?\xa1S[zI\xb1\xd8\x16 \xce\x1b\x13\xfd\xe6\xc0\x83\x7f\xe0\x9a\x95#S$cu\xabj\xb9\x0e\x11\re\xecT\xe88\x16[\xcb\xc3\xefF\xcb\xe9!\x98\xf8\xc4\xcf\x8a\x13\x1aT\x8b\xe9>:PVX\x8f\xbc\xe4\xe4\xdd\xbc\xbc\xcd\xac\x8b~'}], 0xa, "370531b54b05b10d3cc27ee5c071833f5114ab65ad8aad4d4294f90f89de4c1997386d515486266ba03efa99d4cfe85cfe4108d12fa075ecd8f81fd1ac2dfb5a96cce0713bd42d83c7e533fbd644"}, 0x276)
sendmmsg$inet(r0, &(0x7f0000003040)=[{{&(0x7f0000000680)={0x2, 0x4e22, @multicast2}, 0x10, 0x0}}, {{0x0, 0x0, &(0x7f0000000bc0)=[{&(0x7f0000000940)="b3fe109a0a0e5fbf3f4e8ce314c9dee2296599bb37db484506f7f4a1fab11782e0e1581812720001a80b9a0f3b1906d25b5efb254a1119eafe8167fa354fb03a066c8733d91c9127a8c77f2d647fbee113e52351c782ebfba85879d9482fd52ff178111c30472dc8243f1e28fc4d6127452b0d5b98c225054f78c4db08b2aaa9275252150a05682058a0c2b50728dd04c8040000007233beaa311ecc5fe3fa158d", 0xa1}, {&(0x7f0000000cc0)="e35f7e5e5ac5e9f0cd5260605ba7cda81ba1559f17393edeb50e129851c8070000000000000005d4b034d0ce1f6e0be5b65e51007de194d43163a764136ee239c65b382cbf2c46ced59f283332621e64913a530016bc320cb091f6fc2c8b8af6884caccb5a8cef9382455f4b1540ad90b9308269b06fe596f2f4935802420035d8efc47278940beabec4d40fa02b2a7b3f179ac1d1c332424093c93924b0fb97f23a2ce3a5ffd46a4ca58d205e8263de6c8f35ae0bdf26e7665d4521dc583997930691d414e950900194770778184d57e2a7bfbbb812ed678dee3f02a1c54cfd4c2faee9cd398d28b9f4f5fb8eb0290290399155c805fc6c3f6329e625d718b0215af67c4482ab8af756b973664ab0a372ecea980cf89a63de97a4f0721aab97a9", 0x121}, {&(0x7f0000000440)="a632d1428982a252324f258392e316f18cf86b2e26ac0af8c71b95c35316f3831129f3e611dc5fa965da50320d75fbe2c7d16c59081ce03b9792739343bf80dbc4659935a61e2b9a7fe3a4a89869f95f15cd0fe0cbc18f6a6d873a310a108980d9011aad98d0e0dddb70480bd18486191b33112719854b86cb73be4fcff420a4caa64c932b46ba10031706e2fa27537ff5b9ee7f54d19f8a6d5dcc1711be704ea7424b04854aa7ea52a67f412b25168797edb27644d2b8356bedb99f1fbe00567f2438cb4f205ad8c0c91d75385b90c102000000000000002c8bcbe34f9411542cc837ee91388dc51b9c9e60a52da69045f95ade368dc4d145513ea2260dc86d637b44376576648e7adca3e283860d34b8bcb6d16aa39d00000000", 0x11b}, {&(0x7f00000007c0)="ae01c1ffa47432736ef41d1ca7a55e6ee84fc95a490173e6f97a5c34095cb06b53d352aa1286e3af37ba4d1bac9280fe71822e0900ef5878455e97286102cdde893d7ccc8f6fbaf39ebfc87a0889162556dd2c750b72373cfc7c03b20d68bac0e03f2957d4cebb8fbac2af9aba141fe5820064122f5bd93ebef6e200989cdb3c826109a322a771d15a939ef2b800089a8694e29cbdf892bb8117526046ceb41781f58ebd2fa05936a120f19ecc081392e9996f697e2f", 0xb6}, {&(0x7f0000000580)="6b9cacb7f6804c331a3aa9379734ec2aedb597c32af634ddb581e3cef4c3058812b5118b70a11b4169426d7df4887c10782a5cfc7f8ea9995dea4ac79993469d55895298a177c1e96fbc02b422b2f658450f124c1f7fbb0ffc995cac4fb8186835e2811d77f90cd9a4d933cb708bc5a346e7fc85379cca848191ce387c3aba4c12d2c7a110b4ce3114b3bd8d1b7b116a803bd8ce2405f7c43700329ad680dfa721b65823c09cca147a24f365e0cbc678092ae44a632b5c8da7f3e8b31ceaf1b5577b783908da7734f30d7ade6113b3adfebb2b03ed05", 0xd6}, {&(0x7f0000001180)="c545b8e6891930d00e0c9f9a34b60edab22431d599675d86f2f876ea962ace703f8afaf9c4262d97ed63349f484d868856c1bc9cca3150f7e96d42e36ab839caeb28614673b668f1d4bfbc2ffdc9bbb7faa421ca301c10368c46010ec37a088c3414908889082d9fdffe5f74be78e4ab3d545c22d3148d9b024b52ac9280db8ea86894997c083e31229fa2365a8bceb69178468b0b7741df61069d66365ec555624cf395e1359669aec4eb18c84c59149442a7315383dd26efb1c7e3ad05", 0xbe}], 0x6}}, {{0x0, 0xff8e, &(0x7f0000000180)=[{&(0x7f0000000ac0)="65582f9359a0131171dfb403e1249c431ad1fe8b66afd6ef0c978154f4a27eb98cb25896eeff99e775a758a7a4ce88468bea15e461e3cc83087a642104112fe047a567b0714f81ac002aab74fc8c960ad78df3473fa60d537ecf5a373c13a0c8a6b5686cee856ff661c9399efe5bfe82d20be58ac1339835874e9dcb22e5e572b0c0", 0x82}], 0x1}}], 0x3, 0xc044)
write$binfmt_misc(r0, &(0x7f0000000300), 0x5b0)

1.268412067s ago: executing program 1 (id=2753):
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
mq_getsetattr(0xffffffffffffffff, &(0x7f0000000300)={0xb0000000, 0x6, 0x6, 0x8}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x1e, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e20, 0xfffffffe, @empty, 0xe}}, 0x0, 0x0, 0x26, 0x0, "bb353738cb473fc7c9f1cf53b6a7b4e23602a3c364ca41d6e5615445244740bd4c0b42a21d7214bf92594925208a0e2f964e654dc534a6324d4d93fcf19b2df3ee818a118a7c49462189316d556d2ccd"}, 0xd8)
sendto$inet6(r0, &(0x7f0000000000)=':', 0x1, 0x5df84d6276e5316f, &(0x7f00000001c0)={0xa, 0x4e22, 0x1000, @empty}, 0x1c)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_PPC_ALLOCATE_HTAB(r7, 0xc004aea7, &(0x7f0000000000)=0xfffff37b)
setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f0000000340)=[{0xb1, 0xc, 0x77, 0xfffff024}, {0x6, 0x0, 0x0, 0x2}]}, 0x8)
setrlimit(0x5, &(0x7f0000000180)={0x2, 0x5})
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
sendmmsg(r4, &(0x7f0000001c00), 0x400000000000159, 0x40840)

1.150882329s ago: executing program 3 (id=2754):
mmap(&(0x7f0000313000/0xa000)=nil, 0xa000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0xffffc000)
prctl$PR_SET_SECCOMP(0x4e, 0x1, 0x0)
prctl$PR_SET_SECCOMP(0x4e, 0x2, 0x0)
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000080)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x4000000, &(0x7f0000000280)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
umount2(&(0x7f0000000100)='./bus\x00', 0x8)

1.120234557s ago: executing program 2 (id=2755):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x4, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000200)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x4}, {0x6, 0x0, 0xa}, {}, {}, {0x85, 0x0, 0x0, 0x33}}]}, &(0x7f00000004c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000000)={<r3=>0x0, 0x2}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp_SCTP_MAXSEG(r2, 0x84, 0xd, &(0x7f0000000080)=@assoc_id=r3, 0x4)
syz_emit_vhci(&(0x7f00000000c0)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x73}, "aa6a4b7ab9b27da1ab31c37c6a066c7583fadf135ae61b08c3871f594935687708ad0d6ec979ba6cab2a87ffad539fffc8d5c61b73a944e7b79efc2647a9f65143f347782a7af7c93d1c17a80421b881923f0c01d4f7d3de60715ba835511e7b2999ac9e52cf99266493dff3b56b673fb7de9e"}, 0x77)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000002c0)=@newlink={0x90, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x68, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x58, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x10}, @IFLA_MACVLAN_MACADDR_DATA={0x40, 0x5, 0x0, 0x1, [{0xa, 0x4, @random="79fca22eca93"}, {0xa, 0x4, @multicast}, {0xa, 0x4, @remote}, {0xa, 0x4, @random="a01cd0bf51bd"}, {0xa, 0x4, @broadcast}]}, @IFLA_MACVLAN_MACADDR={0x8, 0x4, @local}]}}}, @IFLA_LINK={0x8}]}, 0x90}, 0x1, 0x0, 0x0, 0x4800}, 0x0)

1.030041731s ago: executing program 2 (id=2756):
r0 = socket(0x10, 0x3, 0x0)
openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi0\x00', 0x8080, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
chown(&(0x7f0000000040)='./file0\x00', 0x0, 0xffffffffffffffff)
unshare(0x2c060000)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r2)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r0)
sendmsg$TIPC_CMD_ENABLE_BEARER(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r4], 0x38}, 0x1, 0x0, 0x0, 0x4008000}, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x60040, 0x0)
close(r5)
r6 = socket$unix(0x1, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
ioctl$SIOCSIFHWADDR(r5, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})
r7 = epoll_create1(0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
close(r8)
r9 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r9, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
setsockopt$SO_RDS_TRANSPORT(r9, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)
setsockopt$sock_int(r9, 0x1, 0x8, &(0x7f00006dbffc), 0x4)
bind$inet(r9, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000200)="67d8902400aa303e97380e90231bdbdaf6a4bd866226b7cdb7c26858c4e4fd703be2f51ed6ddc4a47116ec2db75c7042a22491af0ffea4174a9de3350c14498396b28c7d1784d04aa38922721cb7816094cb82950fd012efd26d", 0x5a}, {&(0x7f0000000900)="0f198d5aa5caa1c55b84b414797cbdd4e8c576a921a070fc828060506683fd1106a961ac55b5b8ea3342ca7de5559ca2c14e05e42aed8ba14b2c78cb540f71a817d80fbf1945a046ebda494a8048a106a4d49d7f214735ada53397db3b203885ce39ee48d69465935eade21ce36e61826c52c82f038341d9bab5687c740ed3c18897094e7e1391eb84a4052e03c0c7c39ae86d454938f65e284620b99481c33d9f5e5b7a6c0d7548723f55b213c76be37f40c850c38e265758ebd8238257a146d6eced16fd658a784c928fea7a841db1a7fd6520442dae5fc0d3a3d3a5f16fcf6fe4f062ecdad7d0f3c6cd339339533c0ef28ad1e2729907094c3de93c1b1b00ad6df895d9907e4afb7565d3a8e9eaea020ed173c2179fb03e0944460989240a689c7fe795d310be4e7a6b778a903280dbf426b39c3603c49049980767e31edb997f59785184cbd7b907e0974f1073c745f71db0906cb51780f908fa61634af8ac85d9f04f3dff0a948e81cd3229a59aaeb00995358155343e3239588a0383e4df109d5ca24276d0d83a27d0e9bf681c1bbea12a6f3c20ad50f63430333bb327eb6ae32fe8809065bce26d2dc2fbb2b48d404637d61fd86852e0e1b6ccc6f75b1107aaa5f60ef45f94e953b3f213c3cb4ca4c716565078c666f84e1a99bb4cb5c7190648132f752753c938da6241607a742361d995188b23cb4b8269e98e822585695962620673433748e476f7cc3e37db88639c525ff3a502c82c283b00aecfe7734ab369e1ed7c75e27a5a333641817baa3ea37844e20e6266c5095abf9d47ca5f8ad93f1a4d8795daec222ada00d65cf91425fae7939ceaa8d94ec1ab5082e1d251c27b3132119b350e81771f3733be232ffb90c03a818bf4dee8512f3bac440f5d5e4bed6b897608b01eae26a54433e5f5c74a2ee3c2fc50067be05a677ff52a7dba7010830b879a41b579d44158fb89ea05761d2d369853bea84dfb8081ed7b891dcb3bb3361534fdc5252e4964aed936ad2838e7af14fc65c7c1c6d44c6256f2462ae83cfd6a6b2651da607fe79d345e5080098e9e6e7482cc5c267e00d8d09dcde70b60fe6220fe9530547201664db91cf1885ecc2f106b66cd99131523c99f6102ddd7403791b3a7ac59b256cc4c938fe01740ae4f19b5204ca305b1666b0c2a7e5015d6d530995843adfbac3954306d4cd82257d4d2c3283d45dbae43548fedb679328f114f7c8238ac955391b24614d91be1701ae07c170a9c299fcf3d0ac4cea07e88fbf66b697883af17a06ac3f9954eb2fbd20f101802cd023fc48c5d464c16059cc9dce8558c5322ac7612db0e27252804059094a318c4cdeeddd5793a427628c2c41a21f0d2f3962e32f710bf9e216ff1694e8d88c8a81328744b36d9ef9f08c0ea3ccd4f8729e2f00a048162834a958df39f9c5a8c8e876a52816446d0106f4a81dba144c80fda0b401f0774edbf73b3de44d7ca5c28b0830910f3b02be5e8", 0x427}], 0x2}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[], 0x30}}, 0x40)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r8, &(0x7f0000000080)={0xa002a008})

987.229384ms ago: executing program 3 (id=2757):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000200), 0x42082)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000040)={{0x1, 0x2}})
ioctl$SNDRV_TIMER_IOCTL_STATUS32(r0, 0xc0f85403, &(0x7f0000000040))
r1 = socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f00000002c0)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000000c0)="aada4aa6be8436a3c1f810f16d8766ffbae759cbc3a537d16aebcd21adbd870bbe9f13aa364560ff2449e70ea66c59303ffb82b5d39739125325d5c3e0f57869272aed5f9d5fb0d236522aaae4959881b91fdffefe2100f336422c521fbad93021c981fb2f59d67de2f24f2e0a81e2b7fcd3d4863fcdd3936439591b9aab9d851206515c73fe83b37c5e39932616dbc3bcf1896f8943d43ef6af0891d5f76ee43bb7f7843eb3fda8271d4f9205f6ffc7632284c7ade7b0e8085053c7548884220cc615e3790902f062a8c546668f14f67edc734b2b9bd79ea1ca740e8f2df62f", 0xe0, r1}, 0x64)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x3c, 0x10, 0x421, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, 0x88a8ffad, 0x60e1}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @geneve={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GENEVE_PORT={0x6, 0x5, 0x4e22}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40040}, 0x2)

920.69853ms ago: executing program 2 (id=2758):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r0, &(0x7f0000000180)=ANY=[], 0x118)
r1 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
setsockopt$SO_RDS_TRANSPORT(r1, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00006dbffc), 0x4)
bind$inet(r1, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000200)="0000000000aa303e97380e90231bdbdaf6a4bd866226b7cdb7c26858c4e4fd703be2f51ed6ddc4a47116ec2db75c7042a22491af0ffea4174a9de3350c0a498396b28c7d1784d04aa38922721cb7816094cb82950fd012efd26d", 0x5a}, {&(0x7f0000000900)="0f198d5aa5caa1c55b84b414797cbdd4e8c576a921a070fc828060506683fd1106a961ac55b5b8ea3342ca7de5559ca2c14e05e42aed8ba14b2c78cb540f71a817d80fbf1945a046ebda494a8048a106a4d49d7f214735ada53397db3b203885ce39ee48d69465935eade21ce36e61826c52c82f038341d9bab5687c740ed3c18897094e7e1391eb84a4052e03c0c7c39ae86d454938f65e284620b99481c33d9f5e5b7a6c0d7548723f55b213c76be37f40c850c38e265758ebd8238257a146d6eced16fd658a784c928fea7a841db1a7fd6520442dae5fc0d3a3d3a5f16fcf6fe4f062ecdad7d0f3c6cd339339533c0ef28ad1e2729907094c3de93c1b1b00ad6df89507000000fb7565d3a8e9eaea020ed173c2179fb03e0944460989240a689c7fe795d310be4e7a6b778a903280dbf426b39c3603c49049980767e31edb997f59785184cbd7b9070400000073c745f71db0906cb51780f908fa61634af8ac85d9f04f3dff0a948e81cd3229a59aaeb00995358155343e3239588a0383e4df109d5ca24276d0d83a27d0e9bf681c1bbea12a6f3c20ad50f63430333bb327eb6ae32fe8809065bce26d2dc2fbb2b48d404637d61fd86852e0e1b6ccc6f75b1107aaa5f60ef45f94e953b3f213c3cb4ca4c716565078c666f84e1a99bb4cb5c7190648132f6ff1f6cb79b93f20752753c938da6241607a742361d995188b23cb4b8269e98e822585695962620673433748e476f7cc3e37db88639c525ff3a502c82c283b00aecfe7734ab369e1ed7c75e27a5a333641817baa3ea37844e20e6266c5095abf9d47ca5f8ad93f1a4d8795daec222ada00d65cf91425fae7939ceaa8d94ec1ab5082e1d251c27b3132119b350e81771f3733be232ffb90c03a818bf458aac3314007c3e35d5e4bed6b897608b01e7e26a54433e5f5c74a2ee3c2fc50067be05a677f122b7dba7010830b879a41b579d44158fb89ea05761d2d369853bea84dfb8081ed7b891dcb3bb3361534fdc5252e4964aed936ad2838e7af14fc65c7c1c6d44c6256f2462ae83cfd6a6b2651da607fe79d345e5080098e9e6e7482cc5c267e00d8d09dcde70b60fe6220fe9530547201664db91cf1885ecc2f106b66cd99131523c99f6102ddd7403791b3a7ac59b256cc4c938fe01740ae4f19b5204ca305b1666b0c2a7e5015d6d530995843adfbac3954306d4cd82257d4d2c3283d45dbae43548fed9879328f114f7c8238ac955391b24614d91be1701ae07c170a9c299fcf3d0ac4cea07e88fbf66b697883af17a06ac3f9954eb2fbd20f101802cd023fc48c5d464c16059cc9dce8558c5322ac7612db0e2725427628c2c41a21f0d2f3962e32f710bf9e216ff1694e8d88c8a81328744b36d9ef9f08c0ea3ccd4f8729e2f00a048162834a95", 0x3f1}, {&(0x7f00000003c0)="128b9306006d4810e5ac5040ad9201847839fc378469d5765b9cc241840896c1498194a7197b45d74a8532b82037b02c9e6045c361eb", 0x36}], 0x3}, 0x0)
setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f0000000680)=0x1, 0x4)
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[], 0x30}}, 0x40)
socket$nl_generic(0x10, 0x3, 0x10)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0)
r2 = socket(0x10, 0x3, 0x0)
recvfrom$ax25(r2, &(0x7f0000000100)=""/87, 0x57, 0xeb59d7796265ba1a, &(0x7f00000002c0)={{0x3, @null, 0x4}, [@bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @bcast, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null]}, 0x48)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
openat$binderfs(0xffffff9c, &(0x7f0000000280)='./binderfs/custom0\x00', 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x30, 0x2, [@enum={0x0, 0x0, 0x0, 0x4}, @volatile={0x0, 0x0, 0x0, 0x9, 0x1}, @struct={0x0, 0x1, 0x0, 0x4, 0x0, 0x1000080, [{0x0, 0x2, 0x955a}]}]}}, 0x0, 0x4a}, 0x20)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r4, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x4, 0x2, 0x0, 0x0, 0x7, 0x8}, {0x12, 0x3, 0x0, 0x1, 0x1, 0x400}, 0xa5, 0x4, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080)
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x78, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r4, {0x0, 0xf}, {0xd, 0xa}, {0x6}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x7, 0x10001, 0x3, 0x0, 0x7}, 0xf0, 0x1, 0x8, 0x3, 0x88a, 0x9, 0x8c, 0x1f, 0x3, 0xff, {0x4415, 0x2, 0x800, 0x5, 0x0, 0x5}}}}]}, 0x78}}, 0x4000)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r5)
sendmsg$NLBL_MGMT_C_ADDDEF(r5, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4044040}, 0x8842)
socket$kcm(0x10, 0x2, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$NL802154_CMD_NEW_SEC_KEY(r5, 0x0, 0x20000000)
bind$netlink(r6, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
syz_genetlink_get_family_id$tipc2(0x0, r6)
sendmsg$TIPC_NL_NET_SET(r6, 0x0, 0x4004044)

862.955435ms ago: executing program 3 (id=2759):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r1=>0xffffffffffffffff, {0x1}}, './file0\x00'})
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0, {<r2=>0xffffffffffffffff, 0xee00}}, './file0\x00'})
statx(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x2000, 0x200, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0})
fchownat(r1, &(0x7f0000000080)='./file0\x00', r2, r3, 0x1000)
write(r0, &(0x7f0000000040)="09000000010000", 0x7)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) (async)
bind$bt_hci(r0, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6) (async)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x1}}, './file0\x00'}) (async)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0, {0xffffffffffffffff, 0xee00}}, './file0\x00'}) (async)
statx(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x2000, 0x200, &(0x7f0000000140)) (async)
fchownat(r1, &(0x7f0000000080)='./file0\x00', r2, r3, 0x1000) (async)
write(r0, &(0x7f0000000040)="09000000010000", 0x7) (async)

783.666325ms ago: executing program 3 (id=2760):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000300)={0x8, {{0xa, 0x4e20, 0x6, @dev={0xfe, 0x80, '\x00', 0x39}, 0x6a3c}}, {{0xa, 0x4e22, 0x1, @private2={0xfc, 0x2, '\x00', 0x1}, 0x5}}}, 0x104)
getsockopt$IP6T_SO_GET_INFO(r1, 0x29, 0x40, &(0x7f0000000380)={'mangle\x00', 0x0, [0x800008, 0x7, 0x100, 0x47]}, &(0x7f0000000000)=0x54)
r2 = getpid()
fcntl$setownex(r0, 0xf, &(0x7f0000000040)={0x1, r2})
ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000001c0))
r3 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VIDIOC_ENUMINPUT(r3, 0xc050561a, &(0x7f0000000300)={0x3, "61e10d20bd96c3f6139ae88d2603b7e42c829b582a56f5e8b80776d78e2a024f"})
mkdir(&(0x7f0000000440)='./file1\x00', 0x2)
mount(0x0, &(0x7f0000000200)='./file2\x00', &(0x7f00000001c0)='securityfs\x00', 0x200a8, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000280)='./file1\x00')
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
prctl$PR_MCE_KILL(0x4e, 0x1, 0x4000)
set_mempolicy(0x4005, &(0x7f0000000080)=0x3, 0x2)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x200000a, 0x4c831, 0xffffffffffffffff, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x228942)
r6 = dup(r5)
write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c)
r7 = syz_io_uring_setup(0x238, &(0x7f0000000740)={0x0, 0xf1ab, 0x8, 0x1, 0x207}, &(0x7f0000000180)=<r8=>0x0, &(0x7f00000001c0)=<r9=>0x0)
syz_io_uring_submit(r8, r9, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r5, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r7, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
pipe(&(0x7f00000001c0)={<r10=>0xffffffffffffffff})
r11 = socket$inet_udp(0x2, 0x2, 0x0)
splice(r10, 0x0, r11, 0x0, 0x4ffe6, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
futimesat(r4, &(0x7f0000000080)='./file2\x00', &(0x7f0000000180))
socket$netlink(0x10, 0x3, 0x10)

527.184308ms ago: executing program 5 (id=2761):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x48101, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) (async)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0) (async)
mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='configfs\x00', 0x0, 0x0)
rmdir(&(0x7f0000004340)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000040)={0x1e0003, 0x0, [0x10001, 0x2, 0x7f, 0x4, 0x8000, 0x3ff, 0x5, 0x9]}) (async)
ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f00000001c0)={0x1, 0x0, [0x0, 0x7, 0x7, 0x3, 0x5, 0x6, 0xfff, 0x5]})

429.486164ms ago: executing program 5 (id=2762):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000c00)=@newtfilter={0x7f4, 0x2c, 0x1, 0x70bd25, 0x2, {0x0, 0x0, 0x0, 0x0, {0xffe0, 0x5}, {0xa, 0xfff3}, {0xffe0, 0xfff2}}, [@TCA_CHAIN={0x8, 0xb, 0x7}, @filter_kind_options=@f_cgroup={{0xb}, {0x77c, 0x2, [@TCA_CGROUP_POLICE={0x414, 0x2, [@TCA_POLICE_RATE64={0xc, 0x8, 0xff}, @TCA_POLICE_RATE={0x404, 0x2, [0x3, 0xe, 0x8, 0x8, 0x1, 0x1, 0x9, 0xf, 0x6, 0x6ff, 0x3, 0xb, 0x1, 0x5, 0x7, 0x5b38, 0x5, 0x6, 0x9, 0x5, 0x9, 0x7, 0x8, 0x7f, 0x6, 0xf, 0x8000, 0xffffffff, 0x4, 0x5, 0x80, 0x5, 0x7, 0x0, 0xfffffffd, 0xa83d, 0x2, 0x6, 0xb2, 0x6, 0x100, 0x0, 0x5, 0x8, 0x1, 0x0, 0x1, 0x800, 0xf, 0x8000, 0x5, 0xd5, 0x5, 0x400, 0x0, 0xffffffff, 0x8, 0xfffffff1, 0x8, 0x9, 0xa, 0x4, 0x8001, 0x10000, 0x5, 0x8, 0xfffffffd, 0x5, 0x4, 0x7, 0x9, 0x7, 0xf5ed, 0x4, 0x5, 0x1ff, 0x1f, 0xbb, 0xfffffffe, 0x4, 0x863c, 0x3, 0x6, 0x0, 0xfffffffc, 0x4, 0x40e, 0x1, 0x9, 0x6, 0x8, 0x80, 0x8001, 0x69b9, 0x2, 0x7, 0x3de3, 0xff, 0x7, 0x3, 0x4, 0x0, 0x80000001, 0x2, 0x2, 0xf, 0x9, 0x0, 0xc, 0x7fffffff, 0x7, 0x3, 0x1, 0x2, 0x1ff, 0x9, 0xfffffffe, 0x3, 0x2, 0x1a, 0x10, 0xffff2c2d, 0x4, 0x0, 0x385926ef, 0x1, 0x6, 0x0, 0x40, 0x5, 0x3, 0x4, 0xffff, 0x6, 0x5, 0xd, 0x7, 0x4, 0x7fff, 0xc8, 0x8, 0x1, 0x6, 0x9, 0x9, 0x4, 0xaf, 0xabd3, 0x0, 0xcb, 0x21b, 0x10000, 0x10, 0x8, 0xfe, 0x3229, 0xfff, 0x800, 0x7fff, 0x7, 0x7ff, 0x7, 0x8, 0x7, 0xa00000, 0x8, 0x9, 0x1800000, 0x9, 0xff, 0x6, 0xff, 0x3, 0x4, 0x81, 0x4, 0x3f, 0x7, 0x1, 0x4, 0x5, 0x0, 0x3, 0x18d, 0x5, 0x9, 0x2805b5d1, 0x7, 0xd2c8, 0x5, 0x3, 0x10000, 0x26bdf8c0, 0x44, 0xad, 0x6d, 0x80000001, 0x7fff, 0x5, 0x2, 0x3719bb77, 0x4, 0xf2, 0x5, 0x2, 0x6, 0x7, 0x0, 0x1, 0x5, 0x101, 0x4, 0xa5, 0xb0, 0x64ad, 0xfffff150, 0x9, 0x4, 0x4, 0x9, 0x1, 0xeb, 0x3, 0xc3, 0xb421, 0x2, 0x1, 0x1960, 0xf, 0x3, 0xfe, 0x80000001, 0x6, 0x6, 0x5, 0xfffff19a, 0x81, 0x1, 0x3, 0x8000, 0xe78c, 0x8, 0x10000, 0x3, 0x9, 0x1, 0x0, 0x350, 0x4, 0x6, 0x8, 0x9, 0x7, 0x7, 0x5, 0x9]}]}, @TCA_CGROUP_ACT={0x364, 0x1, [@m_skbmod={0x158, 0xc, 0x0, 0x0, {{0xb}, {0x50, 0x2, 0x0, 0x1, [@TCA_SKBMOD_DMAC={0xa, 0x3, @random="e1fc7df111a9"}, @TCA_SKBMOD_PARMS={0x20, 0x2, {{0x3, 0x3, 0x7, 0x3, 0x8}, 0x8}}, @TCA_SKBMOD_PARMS={0x20, 0x2, {{0x4, 0x1, 0x20000000, 0x7, 0x3}, 0x7}}]}, {0xdf, 0x6, "6661675105e8275ebdd436449588aa2ea22052858467f7583c1f319c64ae2d7fed934826b3ea95382a708019d222ccf64bf5b1a3216f6f32913386c24b22a0264c6fb425db74af0e4cfffc8d8364e0260c571c6487c472708d8025958fafac70ca2e23d3b7706eaf70451c3353c24f71feca8c1ae22d77cfa0982cfc3cbcd7136144ac021e6e6b457d5084637dba29d1b9a453a5080a8057cfe442889831ea3e3455086c7760ccf266618474f17485377d35f62d7b22634976c952f263ee45aa1af14d8409bdfe831516caea42f1b06e7705905695d928cc01172e"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ife={0x68, 0x4, 0x0, 0x0, {{0x8}, {0x38, 0x2, 0x0, 0x1, [@TCA_IFE_SMAC={0xa}, @TCA_IFE_METALST={0x1c, 0x6, [@IFE_META_PRIO={0x8, 0x3, @val=0x9}, @IFE_META_SKBMARK={0x8, 0x1, @val=0x9a}, @IFE_META_SKBMARK={0x8, 0x1, @val=0x9}]}, @TCA_IFE_DMAC={0xa, 0x3, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}]}, {0xc, 0x6, "49a5ed68a116ab39"}, {0xc}, {0xc, 0x8, {0x1, 0x2}}}}, @m_simple={0x140, 0xe, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0x6, 0x3, '#\x00'}, @TCA_DEF_PARMS={0x18, 0x2, {0x8, 0x2ba6, 0x20000000, 0x4, 0xfffffffd}}]}, {0xf3, 0x6, "9f022443a1325ae624ab8f27c9f274ae2fc0c2fc19e657cd6090191081a10ac4705e65f7f9119535d10dca4f4266fc7996fe546bf62428bdbff4f33f845f49feb84e410558f16f0daf702e513d30d450adb66f5c4010980c750648c0f63845df76b105c65663d11a5114601fee0276548180914c023f3f5d833fd867dd1441f9b31b2ccc69b98149ebcd782816045a077d50a8acae20502a79f98b49211cc8ba5eed0c5cdd6ca69c7ec8d6bd9d513860598b7d14d0c694ac578440c4324b5acbc0406da887aaeb421dfa9dbb10986b18680f50cdc1777037571b3d0ded81cf9f437f55186ed17b9965e5d44644ba8a"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2}}}}, @m_sample={0x60, 0x20, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PARMS={0x18, 0x2, {0xc, 0x7, 0x2, 0x5, 0x7}}, @TCA_SAMPLE_TRUNC_SIZE={0x8, 0x4, 0x1}]}, {0x12, 0x6, "03e4c28bfd5089c00c2208064140"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x5, 0x8}}, @TCA_RATE={0x6, 0x5, {0x7, 0x10}}, @filter_kind_options=@f_fw={{0x7}, {0x28, 0x2, [@TCA_FW_CLASSID={0x8, 0x1, {0x9, 0xfff2}}, @TCA_FW_INDEV={0x14, 0x3, 'vcan0\x00'}, @TCA_FW_CLASSID={0x8, 0x1, {0xb, 0xa}}]}}]}, 0x7f4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
getpid() (async)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$KDFONTOP_SET(r1, 0x4b72, 0x0) (async)
ioctl$KDFONTOP_SET(r1, 0x4b72, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) (async)
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) (async)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_usbip_server_init(0x1)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f00000000c0)=@ethtool_gfeatures={0x33}})
syz_open_dev$video(&(0x7f0000000080), 0x7, 0x0) (async)
r6 = syz_open_dev$video(&(0x7f0000000080), 0x7, 0x0)
ioctl$VIDIOC_G_FMT(r6, 0xc0d05604, &(0x7f0000000140)={0x1, @sliced={0x4, [0x6, 0x9, 0xb, 0x1e0d, 0xd, 0x7, 0xfffa, 0xd40, 0xfff6, 0x5c, 0x7, 0x1, 0xfff7, 0x8, 0x6, 0x5, 0x8, 0xb, 0x773d, 0xf51, 0x9, 0x5, 0x7, 0xb, 0x5, 0x0, 0x7, 0x5, 0xff, 0x3d, 0x40, 0x7, 0x401, 0xfffd, 0x9, 0x3, 0x8, 0xab8, 0x8001, 0x61fb, 0x10, 0x400, 0x3, 0x7, 0x4, 0x400, 0xfffc, 0x1000], 0x180}})
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDGETMODE(r7, 0x4b3b, &(0x7f0000000000)) (async)
ioctl$KDGETMODE(r7, 0x4b3b, &(0x7f0000000000))
openat$dsp1(0xffffff9c, &(0x7f0000000000), 0x800, 0x0)
io_uring_setup(0x7c2f, &(0x7f00000000c0)={0x0, 0x3215, 0x80, 0x2, 0x4a})
socket$nl_generic(0x10, 0x3, 0x10) (async)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x41100}, 0x94)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)

346.731926ms ago: executing program 1 (id=2763):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) (async)
r2 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_FADVISE={0x18, 0x19, 0x0, @fd_index=0x1, 0xffffffffffffff80, 0x0, 0x4, 0x3, 0x1})
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000004440), 0x0, 0x10021, &(0x7f0000001200)={0x77359400})
io_uring_enter(r2, 0x2ded, 0xef92, 0x0, 0x0, 0x0) (async)
r5 = openat$misdntimer(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) (async)
readv(r5, &(0x7f0000000c40)=[{&(0x7f00000003c0)=""/7, 0x7}], 0x1)
r6 = memfd_create(&(0x7f00000007c0)='[\v\xdbX\xae[\x1a\xad\xd1md\xc8\x85HX\xa9%\f\x1a,\xe2\x9c\xb4\xd7\xbc\xf1\xb3\x86\xe2/Op\xd0\xa2\x82\x1eb;(\xb5\xe1j\xc8\f\xe5\x89\x17\xee|J\x90=5\xed\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q%\x8a\xda\x05\x00f\xe3j%\x00\x00\x1c#\xc6\xd8\xdbD\x92P\xe16W\x10\xdau\xc7\x8f\xaa\x8d\xa9\x97\x9d\xcb\x1e\x80\xe7\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\xbdD\xcc\'\xa2\xaf`\xf6L\x0e\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xecM\xe4H\xb7\xaf\xa8\x96dh\xa9\xab > \xac\x00O^\x14\xcbv\x17Hkb\xe7\xcb\x9d;\xd2\x9f\x05\xd1\x00\x8b\xd3\x9f\a\x99^v\xf7\xfa\xe5\xf0h\x87l\xd9\x15\xd2\x87~?\xb1\x9d\xc1\x92`\x8a\r\xfc\xeb\x14\xd1\x94\fv\x8a\xe3\x1d\x0fj}\x9f\xedsc\xd3\xee\xe6cXw\xa1\xbc\xd0o\xf9\x9cJ\b\x00\xd8;\\ik0+\xc8\xf2\x87\xdf\t\x97\x9dB\xc1\xa0\xa71\xf25GU|]A\x1eel \x8ff\xc6\nt\xd0\x91\x9d\x8c\xa4\xe5\xde\x06\x00\xffE\xf4\x96#\x92-9\xe5\xa7\xf8%\xb0I\xd4\x91r\xbf\x1bOS\xee}\x16\x87\x05\xf2\xb9\x81\x14\xe2NZ\\I\xd0[\xc4\xf2\"\x87\xf5\xb8\x95.M\xb1S\xbd\xe4i\x00\xc1b\t]?}0\t\xebV\xbci\xa5\x05\xca\xb6\xc22\x7fL\x89&\xa0\xcfMULr0rs\xb4\n\xa6)\xe23\xf0\x8d\x9dO\xb9\xc9\x83\xabS\x013\"\x1b\x97K\x17\x16\x89\a\xee\xc903\xad\x15\x1cH\xd2\x95\x91\xb4$\x1b\xbf\xaf\xf5\x9b\xc2\x85\xe7[\xe5\xfb}\x1d@f2\x11\x13Y\x98\xa4\xecWEE\x9eI\x05\v\x11\xad\x93!^T\xe5N\xf6LI\x9a6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbf\x1a\xc9(a\x06>g\xe5\x00:\x9au\xef\x14\t\x1f8E\x86\xcb\xd0e\x17\xfb\xc1', 0x1) (async)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="280000003d0007010000000000000000037c000014003780100003"], 0x28}}, 0xc000) (async)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x200000a, 0x5d031, 0xffffffffffffffff, 0x0) (async)
r7 = userfaultfd(0x801)
ioctl$UFFDIO_API(r7, 0xc018aa3f, &(0x7f00000000c0)) (async)
ioctl$UFFDIO_REGISTER(r7, 0xc020aa00, 0x0) (async)
ioctl$UFFDIO_COPY(r7, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000}) (async)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2400c011}, 0xc000)
execveat(r6, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) (async)
unshare(0x68040200)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0xfdffa000)
getuid()
sysinfo(&(0x7f0000000240)=""/60) (async)
bind$inet(0xffffffffffffffff, 0x0, 0x0) (async)
syz_emit_ethernet(0x0, 0x0, 0x0)
syz_emit_ethernet(0x42, &(0x7f0000000140)=ANY=[@ANYBLOB="bbbbbcbbbbbb00000000000008004b1500c1491e8780f0d3b79054340064000003019078e0000002ac1414aa94040000890793ac140500000000000000143f000000"], 0x0)

249.754573ms ago: executing program 1 (id=2764):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x400, 0x0, 0x32}, 0x9c) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) (async)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
dup(0xffffffffffffffff)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=@newtaction={0x90, 0x30, 0x1, 0x0, 0x0, {}, [{0x7c, 0x1, [@m_ct={0x2c, 0x1b, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x4c, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x6, 0x6, "6af5"}, {0xc}, {0xc}}}]}]}, 0x90}, 0x1, 0x0, 0x0, 0x804}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xbc0b, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x1, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) (async)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)
r5 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002dbd7000000000000900020073797a3000000000080041007369770014003300776c616e3100e2c900"/58], 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0) (async)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

84.483919ms ago: executing program 2 (id=2765):
r0 = socket$inet6(0xa, 0x2, 0xfbfffffe)
ioctl$int_in(r0, 0x5452, &(0x7f0000000000)=0x3ff)
r1 = syz_open_dev$vcsa(&(0x7f0000000040), 0x0, 0x440100)
ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(r1, 0x8008f513, &(0x7f0000000080))
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x9, 0x3, 0x10004, 0x5}, 0x50)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000080000000c"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd850000002d00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r3}, 0x10)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x0, 0x0)
mknod$loop(&(0x7f0000000080)='./file0/bus\x00', 0x6210, 0x0)
lchown(&(0x7f00000000c0)='./file0/bus\x00', 0x0, 0x0)
sendmmsg$inet6(r0, &(0x7f0000007240)=[{{&(0x7f0000000100)={0xa, 0x4e22, 0x6, @mcast2, 0x7}, 0x1c, 0x0}}], 0x1, 0x1c000)
sendmmsg(r0, &(0x7f0000005600)=[{{0x0, 0x0, 0x0}}], 0x1, 0x81)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = io_uring_setup(0x8a9, &(0x7f0000000300)={0x0, 0xe4ac, 0x80, 0x1, 0x390})
io_uring_register$IORING_UNREGISTER_NAPI(r5, 0x1c, &(0x7f0000000380), 0x1)
sendmsg$IEEE802154_LIST_PHY(r4, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x14, 0x0, 0x400, 0x70bd29, 0x25dfdbff, {}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r6 = io_uring_setup(0x4a12, &(0x7f0000000200)={0x0, 0x35ae, 0x6000, 0x1, 0x3a4, 0x0, r5})
io_uring_register$IORING_UNREGISTER_FILES(r6, 0x3, 0x0, 0x0)

8.698717ms ago: executing program 1 (id=2766):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x4008032, 0xffffffffffffffff, 0x0) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) (async)
syz_clone(0x200000, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000b80)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) (async)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb0958730", 0x4c}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d", 0x24}], 0x2}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000000c0)=""/81, 0x51}, {&(0x7f0000000200)=""/83, 0x53}], 0x2}, 0x0) (async)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'md5-generic\x00'}, 0x5a) (async)
r3 = accept4(r2, 0x0, 0x0, 0x0) (async)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000080), 0xffffffffffffffff) (async)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f00000000c0)=<r6=>0x0)
sendmsg$NFC_CMD_DISABLE_SE(r4, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x24, r5, 0x200, 0x70bd2c, 0x25dfdbfd, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r6}, @NFC_ATTR_SE_INDEX={0x8, 0x15, 0xc0}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x200080c0) (async)
openat$kvm(0xffffffffffffff9c, 0x0, 0x20040, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
write(r3, &(0x7f0000000040)="cb", 0xfffffdef)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x90) (async)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"]) (async)
chdir(&(0x7f0000000100)='./file0\x00') (async)
r7 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r7, 0x0, 0x0)
getdents64(r7, &(0x7f0000000140)=""/56, 0x38) (async)
socket$netlink(0x10, 0x3, 0x8)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)

0s ago: executing program 2 (id=2767):
socket$pppoe(0x18, 0x1, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0xfffffffd, {}, [{0x90, 0x1, [@m_ct={0x44, 0x5, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x0, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) (async)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) (async)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYRES32, @ANYBLOB='\x00'/18, @ANYRES32=0x0, @ANYRES32], 0x48) (async)
r3 = syz_open_procfs(0x0, 0x0)
preadv(r3, &(0x7f00000001c0)=[{0x0}], 0x1, 0x0, 0x6)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB="0100"/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000040000680000000000000000197cd4594942cea0240000f1beb80bccc0de4496c8bb9824c9e0ff79f24618a3adb3f6b34da8e936f10940aa99c6e23f3934440fb228161a014474dfb7ae149f84e5bd26dc9f2d3c893229f6e33776d2fdc3d947b7afc984d0b6c4317b25c7577dcee9a7d33618c2deaa9bd58ad842de1b944373682823e38e752a4a198d47d842a0"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x7, 0x17, &(0x7f0000000100)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {0x85, 0x0, 0x0, 0x8}, {0x4, 0x1, 0xb, 0x9, 0x0, 0x8}}, {{0x6, 0x0, 0xb, 0xa}, {0xf}}, [@printk={@lu, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0x2, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x15}}], {{0x7, 0x1, 0x3, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000080)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
r5 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r5, &(0x7f0000014980)=[{{&(0x7f0000000140)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000240)=[{&(0x7f0000001c00)='{', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000010700)=[{&(0x7f0000010140)="9b", 0x1}], 0x1}}], 0x2, 0x0) (async)
socket$inet_tcp(0x2, 0x1, 0x0)
fsopen(&(0x7f0000000480)='incremental-fs\x00', 0x1) (async)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)={0x90, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa}, [@CTA_TUPLE_REPLY={0x4c, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0}, {0x14, 0x4, @remote}}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}]}, @CTA_STATUS_MASK={0x8, 0x1a, 0x1, 0x0, 0x6}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}, @CTA_NAT_SRC={0x18, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @private2}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x6}]}, 0x90}}, 0x10)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=ANY=[@ANYBLOB="c00000000001050500000000000000000a0000003c0002802c00018014000300ff01000000000000000000000000000114000400ff0200000000000000000000000000010c00028005000100000000003c0001800c00028005000100000000002c00018014000300ff02000000020000000000000000000114000400fc00000000000000000000000000000108000740000000012c00068014000500fe800000000000000000000400000031140004"], 0xc0}, 0x1, 0x0, 0x0, 0x4040081}, 0x0) (async)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=@newtfilter={0x15, 0x28, 0xd27, 0x0, 0x0, {}, [@filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0x93}}, 0x0)

kernel console output (not intermixed with test programs):

][T14271]  slab_reclaimable:6827 slab_unreclaimable:68588
[  367.672784][T14271]  mapped:24307 shmem:5283 pagetables:1408
[  367.672784][T14271]  sec_pagetables:318 bounce:0
[  367.672784][T14271]  kernel_misc_reclaimable:0
[  367.672784][T14271]  free:48444 free_pcp:15303 free_cma:0
[  367.689101][T14271] Node 0 active_anon:208kB inactive_anon:220kB active_file:0kB inactive_file:12kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:16kB dirty:8kB writeback:0kB shmem:3752kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:8404kB pagetables:1980kB sec_pagetables:1136kB all_unreclaimable? yes Balloon:0kB
[  367.700882][T14271] Node 1 active_anon:2992kB inactive_anon:30696kB active_file:6076kB inactive_file:68156kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:97212kB dirty:1172kB writeback:0kB shmem:17380kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:2048kB kernel_stack:6536kB pagetables:3652kB sec_pagetables:136kB all_unreclaimable? no Balloon:0kB
[  367.710980][T14271] Node 0 DMA free:2068kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:8kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:432kB local_pcp:220kB free_cma:0kB
[  367.720026][T14271] lowmem_reserve[]: 0 288 288 288 288
[  367.721750][T14271] Node 0 DMA32 free:22092kB boost:2048kB min:15268kB low:18572kB high:21876kB reserved_highatomic:0KB free_highatomic:0KB active_anon:208kB inactive_anon:212kB active_file:0kB inactive_file:12kB unevictable:3536kB writepending:8kB present:1032196kB managed:295136kB mlocked:0kB bounce:0kB free_pcp:11744kB local_pcp:3740kB free_cma:0kB
[  367.731562][T14271] lowmem_reserve[]: 0 0 0 0 0
[  367.733173][T14271] Node 1 DMA32 free:169616kB boost:0kB min:47140kB low:58924kB high:70708kB reserved_highatomic:2048KB free_highatomic:2048KB active_anon:2992kB inactive_anon:30696kB active_file:6076kB inactive_file:68156kB unevictable:3536kB writepending:1172kB present:1048432kB managed:948220kB mlocked:0kB bounce:0kB free_pcp:49316kB local_pcp:15920kB free_cma:0kB
[  367.743531][T14271] lowmem_reserve[]: 0 0 0 0 0
[  367.745376][T14271] Node 0 DMA: 9*4kB (M) 6*8kB (UM) 2*16kB (M) 11*32kB (UM) 5*64kB (UM) 2*128kB (M) 2*256kB (M) 1*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 2068kB
[  367.751183][T14271] Node 0 DMA32: 495*4kB (UME) 213*8kB (UME) 15*16kB (UME) 167*32kB (UM) 64*64kB (UM) 24*128kB (UM) 12*256kB (UM) 3*512kB (M) 1*1024kB (U) 0*2048kB 0*4096kB = 22068kB
[  367.756668][T14271] Node 1 DMA32: 2058*4kB (UME) 785*8kB (UME) 426*16kB (UME) 312*32kB (UME) 112*64kB (UME) 134*128kB (UME) 134*256kB (UME) 64*512kB (UM) 38*1024kB (UM) 4*2048kB (UMH) 0*4096kB = 169808kB
[  367.762371][T14271] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  367.765553][T14271] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  367.768450][T14271] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  367.771411][T14271] Node 1 hugepages_total=5 hugepages_free=0 hugepages_surp=1 hugepages_size=2048kB
[  367.774457][T14271] 24484 total pagecache pages
[  367.775955][T14271] 644 pages in swap cache
[  367.777337][T14271] Free swap  = 97516kB
[  367.778704][T14271] Total swap = 124996kB
[  367.780021][T14271] 524155 pages RAM
[  367.781217][T14271] 0 pages HighMem/MovableOnly
[  367.782746][T14271] 209476 pages reserved
[  367.784181][T14271] 0 pages cma reserved
[  368.303172][T14284] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2119'.
[  368.471471][T14284] veth5: entered promiscuous mode
[  368.896251][T14293] overlayfs: conflicting lowerdir path
[  368.978303][T14297] block nbd5: NBD_DISCONNECT
[  369.014230][T14302] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2123'.
[  369.052027][T14304] netlink: 72 bytes leftover after parsing attributes in process `syz.5.2124'.
[  369.084474][T14306] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2125'.
[  369.113172][T14308] FAULT_INJECTION: forcing a failure.
[  369.113172][T14308] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  369.120320][T14308] CPU: 2 UID: 0 PID: 14308 Comm: syz.5.2126 Not tainted syzkaller #0 PREEMPT(full) 
[  369.120357][T14308] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  369.120369][T14308] Call Trace:
[  369.120375][T14308]  <TASK>
[  369.120381][T14308]  dump_stack_lvl+0x16c/0x1f0
[  369.120409][T14308]  should_fail_ex+0x512/0x640
[  369.120435][T14308]  should_fail_alloc_page+0xe7/0x130
[  369.120459][T14308]  prepare_alloc_pages+0x3c2/0x610
[  369.120488][T14308]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  369.120512][T14308]  ? find_held_lock+0x2b/0x80
[  369.120531][T14308]  ? is_bpf_text_address+0x8a/0x1a0
[  369.120551][T14308]  ? bpf_ksym_find+0x124/0x1c0
[  369.120569][T14308]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  369.120587][T14308]  ? is_bpf_text_address+0x94/0x1a0
[  369.120609][T14308]  ? __kernel_text_address+0xd/0x40
[  369.120625][T14308]  ? unwind_get_return_address+0x59/0xa0
[  369.120654][T14308]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  369.120679][T14308]  ? policy_nodemask+0xea/0x4e0
[  369.120703][T14308]  alloc_pages_mpol+0x1fb/0x550
[  369.120725][T14308]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  369.120745][T14308]  ? kasan_save_stack+0x33/0x60
[  369.120763][T14308]  ? __kasan_kmalloc+0xaa/0xb0
[  369.120780][T14308]  ? __get_vm_area_node+0x101/0x330
[  369.120808][T14308]  alloc_pages_noprof+0x131/0x390
[  369.120831][T14308]  get_free_pages_noprof+0x10/0xb0
[  369.120851][T14308]  kasan_populate_vmalloc+0x89/0x1f0
[  369.120875][T14308]  alloc_vmap_area+0x959/0x29c0
[  369.120908][T14308]  ? __pfx_alloc_vmap_area+0x10/0x10
[  369.120938][T14308]  __get_vm_area_node+0x1ca/0x330
[  369.120967][T14308]  __vmalloc_node_range_noprof+0x271/0x14b0
[  369.120985][T14308]  ? __snd_dma_alloc_pages+0x50/0x90
[  369.121006][T14308]  ? __mutex_trylock_common+0xe9/0x250
[  369.121031][T14308]  ? __snd_dma_alloc_pages+0x50/0x90
[  369.121051][T14308]  ? rcu_is_watching+0x12/0xc0
[  369.121074][T14308]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  369.121093][T14308]  ? __mutex_unlock_slowpath+0x161/0x7b0
[  369.121117][T14308]  ? __snd_dma_alloc_pages+0x50/0x90
[  369.121135][T14308]  __vmalloc_node_noprof+0xad/0xf0
[  369.121155][T14308]  ? __snd_dma_alloc_pages+0x50/0x90
[  369.121174][T14308]  ? __pfx_snd_dma_vmalloc_alloc+0x10/0x10
[  369.121196][T14308]  __snd_dma_alloc_pages+0x50/0x90
[  369.121216][T14308]  snd_dma_alloc_dir_pages+0x151/0x240
[  369.121239][T14308]  do_alloc_pages+0x136/0x2d0
[  369.121262][T14308]  snd_pcm_lib_malloc_pages+0x3df/0x980
[  369.121291][T14308]  snd_pcm_hw_params+0x1656/0x1ba0
[  369.121314][T14308]  ? __pfx_snd_pcm_hw_params+0x10/0x10
[  369.121334][T14308]  ? snd_pcm_hw_param_near.constprop.0+0x734/0x8e0
[  369.121355][T14308]  ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10
[  369.121383][T14308]  ? __asan_memset+0x23/0x50
[  369.121401][T14308]  snd_pcm_kernel_ioctl+0x147/0x2e0
[  369.121423][T14308]  snd_pcm_oss_change_params_locked+0x1432/0x3a30
[  369.121452][T14308]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  369.121486][T14308]  snd_pcm_oss_make_ready_locked+0xb7/0x130
[  369.121505][T14308]  snd_pcm_oss_write+0x4c3/0xa10
[  369.121522][T14308]  ? bpf_lsm_file_permission+0x9/0x10
[  369.121545][T14308]  ? security_file_permission+0x71/0x210
[  369.121573][T14308]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  369.121590][T14308]  vfs_write+0x2a0/0x11d0
[  369.121617][T14308]  ? __pfx_vfs_write+0x10/0x10
[  369.121634][T14308]  ? find_held_lock+0x2b/0x80
[  369.121651][T14308]  ? __fget_files+0x204/0x3c0
[  369.121675][T14308]  ? __fget_files+0x20e/0x3c0
[  369.121691][T14308]  ? handle_mm_fault+0x200/0xd10
[  369.121715][T14308]  ksys_write+0x12a/0x250
[  369.121734][T14308]  ? __pfx_ksys_write+0x10/0x10
[  369.121780][T14308]  ? rcu_is_watching+0x12/0xc0
[  369.121798][T14308]  __do_fast_syscall_32+0x7c/0x3a0
[  369.121824][T14308]  do_fast_syscall_32+0x32/0x80
[  369.121848][T14308]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  369.121868][T14308] RIP: 0023:0xf705e579
[  369.121882][T14308] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  369.121898][T14308] RSP: 002b:00000000f544e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  369.121916][T14308] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800012c0
[  369.121926][T14308] RDX: 0000000000004000 RSI: 0000000000000000 RDI: 0000000000000000
[  369.121936][T14308] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  369.121945][T14308] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  369.121955][T14308] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  369.121978][T14308]  </TASK>
[  369.423113][T14315] binder: 14310:14315 unknown command 0
[  369.425229][T14315] binder: 14310:14315 ioctl c0306201 800001c0 returned -22
[  369.428094][T14315] binder: 14310:14315 unknown command 0
[  369.430228][T14315] binder: 14310:14315 ioctl c0306201 800001c0 returned -22
[  369.432544][T14315] binder: 14310:14315 unknown command 0
[  369.434873][T14315] binder: 14310:14315 ioctl c0306201 800001c0 returned -22
[  369.587235][T14317] 8021q: VLANs not supported on gre0
[  369.594027][T14317] random: crng reseeded on system resumption
[  370.000490][T14321] macsec1: entered promiscuous mode
[  370.249325][T14325] mac80211_hwsim hwsim14 syzkaller0: entered promiscuous mode
[  370.251786][T14325] mac80211_hwsim hwsim14 syzkaller0: entered allmulticast mode
[  370.376541][T14330] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2132'.
[  371.174097][T14341] FAULT_INJECTION: forcing a failure.
[  371.174097][T14341] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  371.178455][T14341] CPU: 1 UID: 0 PID: 14341 Comm: syz.2.2136 Not tainted syzkaller #0 PREEMPT(full) 
[  371.178470][T14341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  371.178487][T14341] Call Trace:
[  371.178492][T14341]  <TASK>
[  371.178497][T14341]  dump_stack_lvl+0x16c/0x1f0
[  371.178515][T14341]  should_fail_ex+0x512/0x640
[  371.178533][T14341]  should_fail_alloc_page+0xe7/0x130
[  371.178550][T14341]  prepare_alloc_pages+0x3c2/0x610
[  371.178568][T14341]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  371.178584][T14341]  ? rcu_is_watching+0x12/0xc0
[  371.178595][T14341]  ? trace_mm_page_alloc+0x11f/0x1a0
[  371.178612][T14341]  ? __alloc_frozen_pages_noprof+0x294/0x23f0
[  371.178626][T14341]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  371.178639][T14341]  ? finish_task_switch.isra.0+0x221/0xc10
[  371.178650][T14341]  ? lockdep_hardirqs_on+0x7c/0x110
[  371.178664][T14341]  ? finish_task_switch.isra.0+0x221/0xc10
[  371.178675][T14341]  ? rcu_is_watching+0x12/0xc0
[  371.178686][T14341]  ? __schedule+0x11a3/0x5de0
[  371.178707][T14341]  alloc_pages_bulk_noprof+0x71c/0x1410
[  371.178719][T14341]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  371.178736][T14341]  ? policy_nodemask+0xea/0x4e0
[  371.178752][T14341]  ? __pfx_alloc_pages_bulk_noprof+0x10/0x10
[  371.178766][T14341]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  371.178786][T14341]  kasan_populate_vmalloc+0xf1/0x1f0
[  371.178801][T14341]  alloc_vmap_area+0x959/0x29c0
[  371.178823][T14341]  ? __pfx_alloc_vmap_area+0x10/0x10
[  371.178843][T14341]  __get_vm_area_node+0x1ca/0x330
[  371.178862][T14341]  __vmalloc_node_range_noprof+0x271/0x14b0
[  371.178873][T14341]  ? __snd_dma_alloc_pages+0x50/0x90
[  371.178887][T14341]  ? __mutex_trylock_common+0xe9/0x250
[  371.178905][T14341]  ? __snd_dma_alloc_pages+0x50/0x90
[  371.178917][T14341]  ? rcu_is_watching+0x12/0xc0
[  371.178930][T14341]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  371.178943][T14341]  ? __mutex_unlock_slowpath+0x161/0x7b0
[  371.178960][T14341]  ? __snd_dma_alloc_pages+0x50/0x90
[  371.178972][T14341]  __vmalloc_node_noprof+0xad/0xf0
[  371.178981][T14341]  ? __snd_dma_alloc_pages+0x50/0x90
[  371.178993][T14341]  ? __pfx_snd_dma_vmalloc_alloc+0x10/0x10
[  371.179012][T14341]  __snd_dma_alloc_pages+0x50/0x90
[  371.179025][T14341]  snd_dma_alloc_dir_pages+0x151/0x240
[  371.179039][T14341]  do_alloc_pages+0x136/0x2d0
[  371.179053][T14341]  snd_pcm_lib_malloc_pages+0x3df/0x980
[  371.179068][T14341]  snd_pcm_hw_params+0x1656/0x1ba0
[  371.179083][T14341]  ? __pfx_snd_pcm_hw_params+0x10/0x10
[  371.179096][T14341]  ? snd_pcm_hw_param_near.constprop.0+0x734/0x8e0
[  371.179109][T14341]  ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10
[  371.179127][T14341]  ? __asan_memset+0x23/0x50
[  371.179138][T14341]  snd_pcm_kernel_ioctl+0x147/0x2e0
[  371.179152][T14341]  snd_pcm_oss_change_params_locked+0x1432/0x3a30
[  371.179170][T14341]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  371.179193][T14341]  snd_pcm_oss_make_ready_locked+0xb7/0x130
[  371.179204][T14341]  snd_pcm_oss_write+0x4c3/0xa10
[  371.179216][T14341]  ? bpf_lsm_file_permission+0x9/0x10
[  371.179231][T14341]  ? security_file_permission+0x71/0x210
[  371.179249][T14341]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  371.179259][T14341]  vfs_write+0x2a0/0x11d0
[  371.179275][T14341]  ? __pfx_vfs_write+0x10/0x10
[  371.179286][T14341]  ? find_held_lock+0x2b/0x80
[  371.179296][T14341]  ? __fget_files+0x204/0x3c0
[  371.179310][T14341]  ? __fget_files+0x20e/0x3c0
[  371.179320][T14341]  ? handle_mm_fault+0x200/0xd10
[  371.179335][T14341]  ksys_write+0x12a/0x250
[  371.179347][T14341]  ? __pfx_ksys_write+0x10/0x10
[  371.179360][T14341]  ? rcu_is_watching+0x12/0xc0
[  371.179384][T14341]  __do_fast_syscall_32+0x7c/0x3a0
[  371.179401][T14341]  do_fast_syscall_32+0x32/0x80
[  371.179415][T14341]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  371.179428][T14341] RIP: 0023:0xf708e579
[  371.179437][T14341] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  371.179447][T14341] RSP: 002b:00000000f547e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  371.179458][T14341] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800012c0
[  371.179464][T14341] RDX: 0000000000004000 RSI: 0000000000000000 RDI: 0000000000000000
[  371.179470][T14341] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  371.179476][T14341] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  371.179482][T14341] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  371.179495][T14341]  </TASK>
[  371.663111][ T6062] usb 7-1: new high-speed USB device number 23 using dummy_hcd
[  371.814746][ T6062] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  371.818095][ T6062] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  371.820991][ T6062] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  371.824939][ T6062] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  371.827643][ T6062] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  371.831078][ T6062] usb 7-1: config 0 descriptor??
[  372.249043][ T6062] plantronics 0003:047F:FFFF.000A: reserved main item tag 0xd
[  372.259962][ T6062] plantronics 0003:047F:FFFF.000A: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  372.325952][T14366] FAULT_INJECTION: forcing a failure.
[  372.325952][T14366] name failslab, interval 1, probability 0, space 0, times 0
[  372.329889][T14366] CPU: 0 UID: 0 PID: 14366 Comm: syz.5.2145 Not tainted syzkaller #0 PREEMPT(full) 
[  372.329908][T14366] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  372.329915][T14366] Call Trace:
[  372.329919][T14366]  <TASK>
[  372.329923][T14366]  dump_stack_lvl+0x16c/0x1f0
[  372.329942][T14366]  should_fail_ex+0x512/0x640
[  372.329957][T14366]  ? __kmalloc_node_noprof+0xc5/0x500
[  372.329972][T14366]  should_failslab+0xc2/0x120
[  372.329986][T14366]  __kmalloc_node_noprof+0xd8/0x500
[  372.329999][T14366]  ? __vmalloc_node_range_noprof+0x3e5/0x14b0
[  372.330012][T14366]  __vmalloc_node_range_noprof+0x3e5/0x14b0
[  372.330027][T14366]  ? __snd_dma_alloc_pages+0x50/0x90
[  372.330041][T14366]  ? rcu_is_watching+0x12/0xc0
[  372.330054][T14366]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  372.330067][T14366]  ? __mutex_unlock_slowpath+0x161/0x7b0
[  372.330083][T14366]  ? __snd_dma_alloc_pages+0x50/0x90
[  372.330095][T14366]  __vmalloc_node_noprof+0xad/0xf0
[  372.330105][T14366]  ? __snd_dma_alloc_pages+0x50/0x90
[  372.330117][T14366]  ? __pfx_snd_dma_vmalloc_alloc+0x10/0x10
[  372.330131][T14366]  __snd_dma_alloc_pages+0x50/0x90
[  372.330143][T14366]  snd_dma_alloc_dir_pages+0x151/0x240
[  372.330159][T14366]  do_alloc_pages+0x136/0x2d0
[  372.330173][T14366]  snd_pcm_lib_malloc_pages+0x3df/0x980
[  372.330187][T14366]  snd_pcm_hw_params+0x1656/0x1ba0
[  372.330202][T14366]  ? __pfx_snd_pcm_hw_params+0x10/0x10
[  372.330215][T14366]  ? snd_pcm_hw_param_near.constprop.0+0x734/0x8e0
[  372.330228][T14366]  ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10
[  372.330245][T14366]  ? __asan_memset+0x23/0x50
[  372.330257][T14366]  snd_pcm_kernel_ioctl+0x147/0x2e0
[  372.330270][T14366]  snd_pcm_oss_change_params_locked+0x1432/0x3a30
[  372.330288][T14366]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  372.330322][T14366]  snd_pcm_oss_make_ready_locked+0xb7/0x130
[  372.330342][T14366]  snd_pcm_oss_write+0x4c3/0xa10
[  372.330361][T14366]  ? bpf_lsm_file_permission+0x9/0x10
[  372.330384][T14366]  ? security_file_permission+0x71/0x210
[  372.330402][T14366]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  372.330413][T14366]  vfs_write+0x2a0/0x11d0
[  372.330428][T14366]  ? __pfx_vfs_write+0x10/0x10
[  372.330439][T14366]  ? find_held_lock+0x2b/0x80
[  372.330450][T14366]  ? __fget_files+0x204/0x3c0
[  372.330464][T14366]  ? __fget_files+0x20e/0x3c0
[  372.330474][T14366]  ? handle_mm_fault+0x200/0xd10
[  372.330488][T14366]  ksys_write+0x12a/0x250
[  372.330500][T14366]  ? __pfx_ksys_write+0x10/0x10
[  372.330513][T14366]  ? rcu_is_watching+0x12/0xc0
[  372.330525][T14366]  __do_fast_syscall_32+0x7c/0x3a0
[  372.330542][T14366]  do_fast_syscall_32+0x32/0x80
[  372.330556][T14366]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  372.330570][T14366] RIP: 0023:0xf705e579
[  372.330579][T14366] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  372.330590][T14366] RSP: 002b:00000000f544e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  372.330600][T14366] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800012c0
[  372.330607][T14366] RDX: 0000000000004000 RSI: 0000000000000000 RDI: 0000000000000000
[  372.330613][T14366] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  372.330619][T14366] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  372.330625][T14366] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  372.330638][T14366]  </TASK>
[  372.465381][T14369] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2146'.
[  372.475726][T14370] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2146'.
[  372.647609][ T6062] usb 7-1: USB disconnect, device number 23
[  373.375138][T14405] openvswitch: netlink: Key 6 has unexpected len 4 expected 2
[  373.631737][T14433] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2163'.
[  373.646313][T14433] netlink: 104 bytes leftover after parsing attributes in process `syz.5.2163'.
[  373.649164][T14433] netlink: 104 bytes leftover after parsing attributes in process `syz.5.2163'.
[  373.854298][T14444] FAULT_INJECTION: forcing a failure.
[  373.854298][T14444] name failslab, interval 1, probability 0, space 0, times 0
[  373.859201][T14444] CPU: 2 UID: 0 PID: 14444 Comm: syz.5.2168 Not tainted syzkaller #0 PREEMPT(full) 
[  373.859222][T14444] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  373.859232][T14444] Call Trace:
[  373.859239][T14444]  <TASK>
[  373.859246][T14444]  dump_stack_lvl+0x16c/0x1f0
[  373.859267][T14444]  should_fail_ex+0x512/0x640
[  373.859283][T14444]  ? __kmalloc_noprof+0xbf/0x510
[  373.859296][T14444]  ? snd_pcm_plugin_build+0x64/0x650
[  373.859308][T14444]  should_failslab+0xc2/0x120
[  373.859323][T14444]  __kmalloc_noprof+0xd2/0x510
[  373.859334][T14444]  ? __mutex_unlock_slowpath+0x161/0x7b0
[  373.859351][T14444]  snd_pcm_plugin_build+0x64/0x650
[  373.859362][T14444]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  373.859377][T14444]  snd_pcm_plugin_build_mulaw+0x280/0x7a0
[  373.859390][T14444]  ? __pfx_mulaw_decode+0x10/0x10
[  373.859402][T14444]  ? __pfx_snd_pcm_plugin_build_mulaw+0x10/0x10
[  373.859417][T14444]  ? snd_pcm_hw_params+0xcd/0x1ba0
[  373.859431][T14444]  snd_pcm_plug_format_plugins+0xbe7/0x1430
[  373.859445][T14444]  ? __pfx_snd_pcm_plug_format_plugins+0x10/0x10
[  373.859459][T14444]  ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10
[  373.859481][T14444]  snd_pcm_oss_change_params_locked+0x2dec/0x3a30
[  373.859499][T14444]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  373.859520][T14444]  snd_pcm_oss_make_ready_locked+0xb7/0x130
[  373.859532][T14444]  snd_pcm_oss_write+0x4c3/0xa10
[  373.859544][T14444]  ? bpf_lsm_file_permission+0x9/0x10
[  373.859559][T14444]  ? security_file_permission+0x71/0x210
[  373.859577][T14444]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  373.859588][T14444]  vfs_write+0x2a0/0x11d0
[  373.859604][T14444]  ? __pfx_vfs_write+0x10/0x10
[  373.859614][T14444]  ? find_held_lock+0x2b/0x80
[  373.859625][T14444]  ? __fget_files+0x204/0x3c0
[  373.859639][T14444]  ? __fget_files+0x20e/0x3c0
[  373.859654][T14444]  ksys_write+0x12a/0x250
[  373.859666][T14444]  ? __pfx_ksys_write+0x10/0x10
[  373.859679][T14444]  ? rcu_is_watching+0x12/0xc0
[  373.859693][T14444]  __do_fast_syscall_32+0x7c/0x3a0
[  373.859709][T14444]  do_fast_syscall_32+0x32/0x80
[  373.859724][T14444]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  373.859737][T14444] RIP: 0023:0xf705e579
[  373.859745][T14444] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  373.859756][T14444] RSP: 002b:00000000f544e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  373.859766][T14444] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800012c0
[  373.859773][T14444] RDX: 0000000000004000 RSI: 0000000000000000 RDI: 0000000000000000
[  373.859779][T14444] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  373.859785][T14444] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  373.859791][T14444] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  373.859804][T14444]  </TASK>
[  374.169690][T14453] befs: (nbd2): No write support. Marking filesystem read-only
[  374.174314][T14453] block nbd2: Attempted send on invalid socket
[  374.176749][T14453] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 3
[  374.180577][T14453] befs: (nbd2): unable to read superblock
[  374.216184][T14452] wireguard0: entered promiscuous mode
[  374.218356][T14452] wireguard0: entered allmulticast mode
[  375.111592][T14478] FAULT_INJECTION: forcing a failure.
[  375.111592][T14478] name failslab, interval 1, probability 0, space 0, times 0
[  375.115997][T14478] CPU: 3 UID: 0 PID: 14478 Comm: syz.5.2178 Not tainted syzkaller #0 PREEMPT(full) 
[  375.116012][T14478] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  375.116019][T14478] Call Trace:
[  375.116023][T14478]  <TASK>
[  375.116027][T14478]  dump_stack_lvl+0x16c/0x1f0
[  375.116045][T14478]  should_fail_ex+0x512/0x640
[  375.116060][T14478]  ? __kmalloc_noprof+0xbf/0x510
[  375.116074][T14478]  ? snd_pcm_plugin_build+0x434/0x650
[  375.116086][T14478]  should_failslab+0xc2/0x120
[  375.116100][T14478]  __kmalloc_noprof+0xd2/0x510
[  375.116111][T14478]  ? __mutex_unlock_slowpath+0x161/0x7b0
[  375.116130][T14478]  snd_pcm_plugin_build+0x434/0x650
[  375.116142][T14478]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  375.116156][T14478]  snd_pcm_plugin_build_mulaw+0x280/0x7a0
[  375.116169][T14478]  ? __pfx_mulaw_decode+0x10/0x10
[  375.116181][T14478]  ? __pfx_snd_pcm_plugin_build_mulaw+0x10/0x10
[  375.116196][T14478]  ? snd_pcm_hw_params+0xcd/0x1ba0
[  375.116210][T14478]  snd_pcm_plug_format_plugins+0xbe7/0x1430
[  375.116224][T14478]  ? __pfx_snd_pcm_plug_format_plugins+0x10/0x10
[  375.116238][T14478]  ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10
[  375.116260][T14478]  snd_pcm_oss_change_params_locked+0x2dec/0x3a30
[  375.116291][T14478]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  375.116314][T14478]  snd_pcm_oss_make_ready_locked+0xb7/0x130
[  375.116326][T14478]  snd_pcm_oss_write+0x4c3/0xa10
[  375.116337][T14478]  ? bpf_lsm_file_permission+0x9/0x10
[  375.116353][T14478]  ? security_file_permission+0x71/0x210
[  375.116370][T14478]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  375.116381][T14478]  vfs_write+0x2a0/0x11d0
[  375.116397][T14478]  ? __pfx_vfs_write+0x10/0x10
[  375.116408][T14478]  ? find_held_lock+0x2b/0x80
[  375.116419][T14478]  ? __fget_files+0x204/0x3c0
[  375.116433][T14478]  ? __fget_files+0x20e/0x3c0
[  375.116444][T14478]  ? handle_mm_fault+0x200/0xd10
[  375.116458][T14478]  ksys_write+0x12a/0x250
[  375.116470][T14478]  ? __pfx_ksys_write+0x10/0x10
[  375.116483][T14478]  ? rcu_is_watching+0x12/0xc0
[  375.116496][T14478]  __do_fast_syscall_32+0x7c/0x3a0
[  375.116512][T14478]  do_fast_syscall_32+0x32/0x80
[  375.116527][T14478]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  375.116540][T14478] RIP: 0023:0xf705e579
[  375.116549][T14478] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  375.116559][T14478] RSP: 002b:00000000f544e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  375.116570][T14478] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800012c0
[  375.116576][T14478] RDX: 0000000000004000 RSI: 0000000000000000 RDI: 0000000000000000
[  375.116582][T14478] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  375.116588][T14478] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  375.116594][T14478] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  375.116608][T14478]  </TASK>
[  375.288498][T14485] overlayfs: failed to resolve './file1': -2
[  375.447932][T14496] CIFS mount error: No usable UNC path provided in device string!
[  375.447932][T14496] 
[  375.451462][T14496] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  375.485949][T14500] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.2184'.
[  375.628792][T14510] FAULT_INJECTION: forcing a failure.
[  375.628792][T14510] name failslab, interval 1, probability 0, space 0, times 0
[  375.632794][T14510] CPU: 3 UID: 0 PID: 14510 Comm: syz.5.2187 Not tainted syzkaller #0 PREEMPT(full) 
[  375.632808][T14510] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  375.632815][T14510] Call Trace:
[  375.632820][T14510]  <TASK>
[  375.632824][T14510]  dump_stack_lvl+0x16c/0x1f0
[  375.632843][T14510]  should_fail_ex+0x512/0x640
[  375.632858][T14510]  ? __kmalloc_noprof+0xbf/0x510
[  375.632872][T14510]  ? snd_pcm_plugin_build+0x64/0x650
[  375.632883][T14510]  should_failslab+0xc2/0x120
[  375.632898][T14510]  __kmalloc_noprof+0xd2/0x510
[  375.632913][T14510]  snd_pcm_plugin_build+0x64/0x650
[  375.632937][T14510]  snd_pcm_plugin_build_io+0x207/0x5f0
[  375.632952][T14510]  ? __pfx_snd_pcm_plugin_build_io+0x10/0x10
[  375.632965][T14510]  ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10
[  375.632988][T14510]  snd_pcm_oss_change_params_locked+0x2e62/0x3a30
[  375.633006][T14510]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  375.633028][T14510]  snd_pcm_oss_make_ready_locked+0xb7/0x130
[  375.633040][T14510]  snd_pcm_oss_write+0x4c3/0xa10
[  375.633051][T14510]  ? bpf_lsm_file_permission+0x9/0x10
[  375.633067][T14510]  ? security_file_permission+0x71/0x210
[  375.633084][T14510]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  375.633094][T14510]  vfs_write+0x2a0/0x11d0
[  375.633110][T14510]  ? __pfx_vfs_write+0x10/0x10
[  375.633121][T14510]  ? find_held_lock+0x2b/0x80
[  375.633133][T14510]  ? __fget_files+0x204/0x3c0
[  375.633147][T14510]  ? __fget_files+0x20e/0x3c0
[  375.633157][T14510]  ? handle_mm_fault+0x200/0xd10
[  375.633172][T14510]  ksys_write+0x12a/0x250
[  375.633184][T14510]  ? __pfx_ksys_write+0x10/0x10
[  375.633197][T14510]  ? rcu_is_watching+0x12/0xc0
[  375.633216][T14510]  __do_fast_syscall_32+0x7c/0x3a0
[  375.633234][T14510]  do_fast_syscall_32+0x32/0x80
[  375.633248][T14510]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  375.633262][T14510] RIP: 0023:0xf705e579
[  375.633270][T14510] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  375.633280][T14510] RSP: 002b:00000000f544e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  375.633291][T14510] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800012c0
[  375.633297][T14510] RDX: 0000000000004000 RSI: 0000000000000000 RDI: 0000000000000000
[  375.633303][T14510] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  375.633309][T14510] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  375.633315][T14510] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  375.633328][T14510]  </TASK>
[  375.742427][T14514] fuse: Bad value for 'user_id'
[  375.744285][T14514] fuse: Bad value for 'user_id'
[  376.093060][ T6062] usb 10-1: new high-speed USB device number 9 using dummy_hcd
[  376.258057][ T6062] usb 10-1: config 1 has an invalid interface number: 7 but max is 0
[  376.261624][ T6062] usb 10-1: config 1 has no interface number 0
[  376.266584][ T6062] usb 10-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[  376.271373][ T6062] usb 10-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  376.275968][ T6062] usb 10-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  376.282877][ T6062] usb 10-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[  376.286708][ T6062] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  376.289964][ T6062] usb 10-1: Product: syz
[  376.291514][ T6062] usb 10-1: Manufacturer: syz
[  376.294304][ T6062] usb 10-1: SerialNumber: syz
[  376.298962][T14521] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  376.507519][T14521] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  376.747057][ T6062] sierra_net 10-1:1.7 wwan0: register 'sierra_net' at usb-dummy_hcd.5-1, Sierra Wireless USB-to-WWAN Modem, 00:00:00:00:01:07
[  376.945359][ T6062] sierra_net 10-1:1.7 wwan0: Submit SYNC failed -71
[  376.948291][ T6062] sierra_net 10-1:1.7 wwan0: Send SYNC failed, status -71
[  376.951067][ T6062] sierra_net 10-1:1.7 wwan0: Submit SYNC failed -71
[  376.953610][ T6062] sierra_net 10-1:1.7 wwan0: Send SYNC failed, status -71
[  376.957559][ T6062] usb 10-1: USB disconnect, device number 9
[  376.960745][ T6062] sierra_net 10-1:1.7 wwan0: unregister 'sierra_net' usb-dummy_hcd.5-1, Sierra Wireless USB-to-WWAN Modem
[  377.034009][ T6062] sierra_net 10-1:1.7 wwan0 (unregistered): usb_control_msg failed, status -19
[  377.194948][T14545] dlm: plock device version mismatch: kernel (1.2.0), user (1.1792.0)
[  377.235024][T14547] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2201'.
[  377.235961][T14548] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2201'.
[  377.237925][T14547] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2201'.
[  377.240683][T14548] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2201'.
[  377.246814][T14547] ip6gretap0: entered promiscuous mode
[  377.251624][T14547] ip6gretap0: left promiscuous mode
[  377.266759][T14548] ip6gretap0: entered promiscuous mode
[  377.274313][T14548] ip6gretap0: left promiscuous mode
[  377.580507][T14577] FAULT_INJECTION: forcing a failure.
[  377.580507][T14577] name failslab, interval 1, probability 0, space 0, times 0
[  377.584565][T14577] CPU: 0 UID: 0 PID: 14577 Comm: syz.5.2212 Not tainted syzkaller #0 PREEMPT(full) 
[  377.584580][T14577] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  377.584586][T14577] Call Trace:
[  377.584590][T14577]  <TASK>
[  377.584594][T14577]  dump_stack_lvl+0x16c/0x1f0
[  377.584612][T14577]  should_fail_ex+0x512/0x640
[  377.584627][T14577]  ? __kmalloc_noprof+0xbf/0x510
[  377.584641][T14577]  ? snd_pcm_plugin_build+0x434/0x650
[  377.584653][T14577]  should_failslab+0xc2/0x120
[  377.584667][T14577]  __kmalloc_noprof+0xd2/0x510
[  377.584682][T14577]  snd_pcm_plugin_build+0x434/0x650
[  377.584695][T14577]  snd_pcm_plugin_build_io+0x207/0x5f0
[  377.584708][T14577]  ? __pfx_snd_pcm_plugin_build_io+0x10/0x10
[  377.584721][T14577]  ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10
[  377.584743][T14577]  snd_pcm_oss_change_params_locked+0x2e62/0x3a30
[  377.584760][T14577]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  377.584782][T14577]  snd_pcm_oss_make_ready_locked+0xb7/0x130
[  377.584794][T14577]  snd_pcm_oss_write+0x4c3/0xa10
[  377.584806][T14577]  ? bpf_lsm_file_permission+0x9/0x10
[  377.584821][T14577]  ? security_file_permission+0x71/0x210
[  377.584842][T14577]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  377.584857][T14577]  vfs_write+0x2a0/0x11d0
[  377.584881][T14577]  ? __pfx_vfs_write+0x10/0x10
[  377.584903][T14577]  ? find_held_lock+0x2b/0x80
[  377.584917][T14577]  ? __fget_files+0x204/0x3c0
[  377.584938][T14577]  ? __fget_files+0x20e/0x3c0
[  377.584955][T14577]  ? handle_mm_fault+0x200/0xd10
[  377.584978][T14577]  ksys_write+0x12a/0x250
[  377.584996][T14577]  ? __pfx_ksys_write+0x10/0x10
[  377.585018][T14577]  ? rcu_is_watching+0x12/0xc0
[  377.585042][T14577]  __do_fast_syscall_32+0x7c/0x3a0
[  377.585066][T14577]  do_fast_syscall_32+0x32/0x80
[  377.585085][T14577]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  377.585098][T14577] RIP: 0023:0xf705e579
[  377.585108][T14577] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  377.585118][T14577] RSP: 002b:00000000f544e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  377.585129][T14577] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800012c0
[  377.585135][T14577] RDX: 0000000000004000 RSI: 0000000000000000 RDI: 0000000000000000
[  377.585143][T14577] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  377.585149][T14577] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  377.585154][T14577] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  377.585167][T14577]  </TASK>
[  377.791130][T14590] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2216'.
[  377.795164][T14590] netlink: 312 bytes leftover after parsing attributes in process `syz.5.2216'.
[  377.797812][T14590] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2216'.
[  377.891020][T14599] netlink: 'syz.2.2218': attribute type 1 has an invalid length.
[  377.896338][T14599] netlink: 228 bytes leftover after parsing attributes in process `syz.2.2218'.
[  377.899621][T14599] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2218'.
[  378.136917][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  378.475447][T14606] FAULT_INJECTION: forcing a failure.
[  378.475447][T14606] name failslab, interval 1, probability 0, space 0, times 0
[  378.479336][T14606] CPU: 0 UID: 0 PID: 14606 Comm: syz.2.2222 Not tainted syzkaller #0 PREEMPT(full) 
[  378.479350][T14606] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  378.479356][T14606] Call Trace:
[  378.479361][T14606]  <TASK>
[  378.479366][T14606]  dump_stack_lvl+0x16c/0x1f0
[  378.479384][T14606]  should_fail_ex+0x512/0x640
[  378.479399][T14606]  ? __kvmalloc_node_noprof+0x124/0x620
[  378.479413][T14606]  should_failslab+0xc2/0x120
[  378.479427][T14606]  __kvmalloc_node_noprof+0x137/0x620
[  378.479438][T14606]  ? rcu_is_watching+0x12/0xc0
[  378.479449][T14606]  ? kfree+0x24f/0x4d0
[  378.479457][T14606]  ? snd_pcm_plugin_alloc+0x5f8/0x7f0
[  378.479468][T14606]  ? mark_held_locks+0x49/0x80
[  378.479485][T14606]  ? snd_pcm_plugin_alloc+0x5f8/0x7f0
[  378.479495][T14606]  snd_pcm_plugin_alloc+0x5f8/0x7f0
[  378.479509][T14606]  snd_pcm_plug_alloc+0x214/0x330
[  378.479521][T14606]  snd_pcm_oss_change_params_locked+0x19b8/0x3a30
[  378.479538][T14606]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  378.479560][T14606]  snd_pcm_oss_make_ready_locked+0xb7/0x130
[  378.479571][T14606]  snd_pcm_oss_write+0x4c3/0xa10
[  378.479583][T14606]  ? bpf_lsm_file_permission+0x9/0x10
[  378.479598][T14606]  ? security_file_permission+0x71/0x210
[  378.479615][T14606]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  378.479625][T14606]  vfs_write+0x2a0/0x11d0
[  378.479641][T14606]  ? __pfx_vfs_write+0x10/0x10
[  378.479652][T14606]  ? find_held_lock+0x2b/0x80
[  378.479662][T14606]  ? __fget_files+0x204/0x3c0
[  378.479676][T14606]  ? __fget_files+0x20e/0x3c0
[  378.479686][T14606]  ? handle_mm_fault+0x200/0xd10
[  378.479700][T14606]  ksys_write+0x12a/0x250
[  378.479712][T14606]  ? __pfx_ksys_write+0x10/0x10
[  378.479725][T14606]  ? rcu_is_watching+0x12/0xc0
[  378.479737][T14606]  __do_fast_syscall_32+0x7c/0x3a0
[  378.479753][T14606]  do_fast_syscall_32+0x32/0x80
[  378.479767][T14606]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  378.479781][T14606] RIP: 0023:0xf708e579
[  378.479790][T14606] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  378.479801][T14606] RSP: 002b:00000000f547e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  378.479811][T14606] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800012c0
[  378.479818][T14606] RDX: 0000000000004000 RSI: 0000000000000000 RDI: 0000000000000000
[  378.479824][T14606] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  378.479829][T14606] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  378.479835][T14606] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  378.479847][T14606]  </TASK>
[  379.382905][T14627] netlink: 'syz.1.2227': attribute type 4 has an invalid length.
[  379.399907][T14627] netlink: 'syz.1.2227': attribute type 4 has an invalid length.
[  379.490310][T14636] FAULT_INJECTION: forcing a failure.
[  379.490310][T14636] name failslab, interval 1, probability 0, space 0, times 0
[  379.494731][T14636] CPU: 0 UID: 0 PID: 14636 Comm: syz.3.2231 Not tainted syzkaller #0 PREEMPT(full) 
[  379.494746][T14636] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  379.494753][T14636] Call Trace:
[  379.494757][T14636]  <TASK>
[  379.494761][T14636]  dump_stack_lvl+0x16c/0x1f0
[  379.494778][T14636]  should_fail_ex+0x512/0x640
[  379.494794][T14636]  ? __kvmalloc_node_noprof+0x124/0x620
[  379.494807][T14636]  should_failslab+0xc2/0x120
[  379.494821][T14636]  __kvmalloc_node_noprof+0x137/0x620
[  379.494832][T14636]  ? rcu_is_watching+0x12/0xc0
[  379.494844][T14636]  ? kfree+0x24f/0x4d0
[  379.494852][T14636]  ? snd_pcm_oss_change_params_locked+0x1d18/0x3a30
[  379.494867][T14636]  ? snd_pcm_oss_change_params_locked+0x1d18/0x3a30
[  379.494877][T14636]  snd_pcm_oss_change_params_locked+0x1d18/0x3a30
[  379.494894][T14636]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  379.494920][T14636]  snd_pcm_oss_make_ready_locked+0xb7/0x130
[  379.494932][T14636]  snd_pcm_oss_write+0x4c3/0xa10
[  379.494944][T14636]  ? bpf_lsm_file_permission+0x9/0x10
[  379.494959][T14636]  ? security_file_permission+0x71/0x210
[  379.494976][T14636]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  379.494986][T14636]  vfs_write+0x2a0/0x11d0
[  379.495001][T14636]  ? __pfx_vfs_write+0x10/0x10
[  379.495012][T14636]  ? find_held_lock+0x2b/0x80
[  379.495023][T14636]  ? __fget_files+0x204/0x3c0
[  379.495037][T14636]  ? __fget_files+0x20e/0x3c0
[  379.495047][T14636]  ? handle_mm_fault+0x200/0xd10
[  379.495062][T14636]  ksys_write+0x12a/0x250
[  379.495073][T14636]  ? __pfx_ksys_write+0x10/0x10
[  379.495087][T14636]  ? rcu_is_watching+0x12/0xc0
[  379.495099][T14636]  __do_fast_syscall_32+0x7c/0x3a0
[  379.495115][T14636]  do_fast_syscall_32+0x32/0x80
[  379.495129][T14636]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  379.495142][T14636] RIP: 0023:0xf7fc7579
[  379.495150][T14636] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  379.495160][T14636] RSP: 002b:00000000f54e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  379.495171][T14636] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800012c0
[  379.495177][T14636] RDX: 0000000000004000 RSI: 0000000000000000 RDI: 0000000000000000
[  379.495183][T14636] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  379.495190][T14636] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  379.495196][T14636] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  379.495209][T14636]  </TASK>
[  379.858068][T14645] netlink: 'syz.3.2232': attribute type 4 has an invalid length.
[  380.193044][ T6062] usb 7-1: new high-speed USB device number 24 using dummy_hcd
[  380.374433][ T6062] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  380.377781][ T6062] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  380.381041][ T6062] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  380.393153][ T6062] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  380.397932][ T6062] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  380.400655][ T6062] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  380.403664][ T6062] usb 7-1: Manufacturer: syz
[  380.406263][ T6062] usb 7-1: config 0 descriptor??
[  380.812234][T14660] __nla_validate_parse: 1 callbacks suppressed
[  380.812246][T14660] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2237'.
[  380.813912][ T6062] appleir 0003:05AC:8243.000B: unknown main item tag 0x0
[  380.823594][ T6062] appleir 0003:05AC:8243.000B: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0
[  381.441881][ T6062] usb 7-1: USB disconnect, device number 24
[  381.723814][T14671] FAULT_INJECTION: forcing a failure.
[  381.723814][T14671] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  381.727758][T14671] CPU: 0 UID: 0 PID: 14671 Comm: syz.3.2241 Not tainted syzkaller #0 PREEMPT(full) 
[  381.727774][T14671] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  381.727780][T14671] Call Trace:
[  381.727785][T14671]  <TASK>
[  381.727790][T14671]  dump_stack_lvl+0x16c/0x1f0
[  381.727808][T14671]  should_fail_ex+0x512/0x640
[  381.727827][T14671]  _copy_from_user+0x2e/0xd0
[  381.727845][T14671]  snd_pcm_oss_write2+0x1c2/0x410
[  381.727857][T14671]  ? __pfx_snd_pcm_oss_write2+0x10/0x10
[  381.727868][T14671]  ? snd_pcm_kernel_ioctl+0x267/0x2e0
[  381.727881][T14671]  ? snd_pcm_oss_prepare+0x11e/0x220
[  381.727900][T14671]  snd_pcm_oss_write+0x711/0xa10
[  381.727912][T14671]  ? security_file_permission+0x71/0x210
[  381.727929][T14671]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  381.727940][T14671]  vfs_write+0x2a0/0x11d0
[  381.727956][T14671]  ? __pfx_vfs_write+0x10/0x10
[  381.727967][T14671]  ? find_held_lock+0x2b/0x80
[  381.727979][T14671]  ? __fget_files+0x204/0x3c0
[  381.727993][T14671]  ? __fget_files+0x20e/0x3c0
[  381.728003][T14671]  ? handle_mm_fault+0x200/0xd10
[  381.728038][T14671]  ksys_write+0x12a/0x250
[  381.728051][T14671]  ? __pfx_ksys_write+0x10/0x10
[  381.728064][T14671]  ? rcu_is_watching+0x12/0xc0
[  381.728078][T14671]  __do_fast_syscall_32+0x7c/0x3a0
[  381.728098][T14671]  do_fast_syscall_32+0x32/0x80
[  381.728113][T14671]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  381.728127][T14671] RIP: 0023:0xf7fc7579
[  381.728136][T14671] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  381.728147][T14671] RSP: 002b:00000000f54e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  381.728159][T14671] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800012c0
[  381.728166][T14671] RDX: 0000000000004000 RSI: 0000000000000000 RDI: 0000000000000000
[  381.728172][T14671] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  381.728178][T14671] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  381.728185][T14671] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  381.728198][T14671]  </TASK>
[  381.851733][T14678] overlayfs: conflicting lowerdir path
[  382.252372][T14688] hugetlbfs: Bad value 'g' for mount option 'nr_inodes'
[  382.252372][T14688] 
[  382.844376][T14700] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2249'.
[  382.990715][T14702] FAULT_INJECTION: forcing a failure.
[  382.990715][T14702] name failslab, interval 1, probability 0, space 0, times 0
[  382.994701][T14702] CPU: 3 UID: 0 PID: 14702 Comm: syz.3.2250 Not tainted syzkaller #0 PREEMPT(full) 
[  382.994728][T14702] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  382.994736][T14702] Call Trace:
[  382.994740][T14702]  <TASK>
[  382.994745][T14702]  dump_stack_lvl+0x16c/0x1f0
[  382.994764][T14702]  should_fail_ex+0x512/0x640
[  382.994779][T14702]  ? __kvmalloc_node_noprof+0x124/0x620
[  382.994794][T14702]  should_failslab+0xc2/0x120
[  382.994808][T14702]  __kvmalloc_node_noprof+0x137/0x620
[  382.994819][T14702]  ? rcu_is_watching+0x12/0xc0
[  382.994830][T14702]  ? kfree+0x24f/0x4d0
[  382.994839][T14702]  ? snd_pcm_plugin_alloc+0x5f8/0x7f0
[  382.994850][T14702]  ? mark_held_locks+0x49/0x80
[  382.994867][T14702]  ? snd_pcm_plugin_alloc+0x5f8/0x7f0
[  382.994878][T14702]  snd_pcm_plugin_alloc+0x5f8/0x7f0
[  382.994896][T14702]  snd_pcm_plug_alloc+0x214/0x330
[  382.994909][T14702]  snd_pcm_oss_change_params_locked+0x19b8/0x3a30
[  382.994927][T14702]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  382.994950][T14702]  snd_pcm_oss_make_ready_locked+0xb7/0x130
[  382.994962][T14702]  snd_pcm_oss_write+0x4c3/0xa10
[  382.994974][T14702]  ? bpf_lsm_file_permission+0x9/0x10
[  382.994990][T14702]  ? security_file_permission+0x71/0x210
[  382.995008][T14702]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  382.995019][T14702]  vfs_write+0x2a0/0x11d0
[  382.995035][T14702]  ? __pfx_vfs_write+0x10/0x10
[  382.995046][T14702]  ? find_held_lock+0x2b/0x80
[  382.995070][T14702]  ? __fget_files+0x204/0x3c0
[  382.995085][T14702]  ? __fget_files+0x20e/0x3c0
[  382.995096][T14702]  ? handle_mm_fault+0x200/0xd10
[  382.995110][T14702]  ksys_write+0x12a/0x250
[  382.995123][T14702]  ? __pfx_ksys_write+0x10/0x10
[  382.995136][T14702]  ? rcu_is_watching+0x12/0xc0
[  382.995149][T14702]  __do_fast_syscall_32+0x7c/0x3a0
[  382.995166][T14702]  do_fast_syscall_32+0x32/0x80
[  382.995181][T14702]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  382.995195][T14702] RIP: 0023:0xf7fc7579
[  382.995204][T14702] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  382.995215][T14702] RSP: 002b:00000000f54e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  382.995226][T14702] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800012c0
[  382.995233][T14702] RDX: 0000000000004000 RSI: 0000000000000000 RDI: 0000000000000000
[  382.995239][T14702] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  382.995245][T14702] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  382.995251][T14702] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  382.995265][T14702]  </TASK>
[  383.004807][T14704] pimreg: entered allmulticast mode
[  383.194456][T14713] binder: 14712:14713 ioctl c0306201 80000640 returned -22
[  383.633744][ T5988] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  383.638869][ T5988] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  383.642053][ T5988] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  383.647311][ T5988] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  383.653893][ T5988] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  383.662210][ T5979] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  383.665349][ T5979] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  383.667959][ T5979] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  383.678188][ T5979] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  383.683139][ T5979] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  383.725642][ T6062] kernel read not supported for file /dsp1 (pid: 6062 comm: kworker/2:4)
[  383.803136][T14725] lo speed is unknown, defaulting to 1000
[  383.894189][T14725] chnl_net:caif_netlink_parms(): no params data found
[  383.908254][T14735] FAULT_INJECTION: forcing a failure.
[  383.908254][T14735] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  383.912433][T14735] CPU: 1 UID: 0 PID: 14735 Comm: syz.1.2260 Not tainted syzkaller #0 PREEMPT(full) 
[  383.912448][T14735] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  383.912456][T14735] Call Trace:
[  383.912460][T14735]  <TASK>
[  383.912466][T14735]  dump_stack_lvl+0x16c/0x1f0
[  383.912484][T14735]  should_fail_ex+0x512/0x640
[  383.912502][T14735]  _copy_from_user+0x2e/0xd0
[  383.912520][T14735]  snd_pcm_oss_write2+0x1c2/0x410
[  383.912533][T14735]  ? __pfx_snd_pcm_oss_write2+0x10/0x10
[  383.912543][T14735]  ? snd_pcm_kernel_ioctl+0x267/0x2e0
[  383.912556][T14735]  ? snd_pcm_oss_prepare+0x11e/0x220
[  383.912574][T14735]  snd_pcm_oss_write+0x711/0xa10
[  383.912586][T14735]  ? security_file_permission+0x71/0x210
[  383.912604][T14735]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  383.912614][T14735]  vfs_write+0x2a0/0x11d0
[  383.912632][T14735]  ? __pfx_vfs_write+0x10/0x10
[  383.912643][T14735]  ? find_held_lock+0x2b/0x80
[  383.912655][T14735]  ? __fget_files+0x204/0x3c0
[  383.912670][T14735]  ? __fget_files+0x20e/0x3c0
[  383.912680][T14735]  ? handle_mm_fault+0x200/0xd10
[  383.912695][T14735]  ksys_write+0x12a/0x250
[  383.912707][T14735]  ? __pfx_ksys_write+0x10/0x10
[  383.912720][T14735]  ? rcu_is_watching+0x12/0xc0
[  383.912734][T14735]  __do_fast_syscall_32+0x7c/0x3a0
[  383.912750][T14735]  do_fast_syscall_32+0x32/0x80
[  383.912765][T14735]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  383.912779][T14735] RIP: 0023:0xf7f21579
[  383.912787][T14735] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  383.912798][T14735] RSP: 002b:00000000f544655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  383.912808][T14735] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800012c0
[  383.912815][T14735] RDX: 0000000000004000 RSI: 0000000000000000 RDI: 0000000000000000
[  383.912828][T14735] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  383.912834][T14735] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  383.912840][T14735] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  383.912853][T14735]  </TASK>
[  383.980617][    C1] vkms_vblank_simulate: vblank timer overrun
[  384.048585][T14725] bridge0: port 1(bridge_slave_0) entered blocking state
[  384.051597][T14725] bridge0: port 1(bridge_slave_0) entered disabled state
[  384.055212][T14725] bridge_slave_0: entered allmulticast mode
[  384.058313][T14725] bridge_slave_0: entered promiscuous mode
[  384.065689][T14725] bridge0: port 2(bridge_slave_1) entered blocking state
[  384.069471][T14725] bridge0: port 2(bridge_slave_1) entered disabled state
[  384.072600][T14725] bridge_slave_1: entered allmulticast mode
[  384.076678][T14725] bridge_slave_1: entered promiscuous mode
[  384.126702][T14725] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  384.131279][T14725] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  384.167840][T14745] A link change request failed with some changes committed already. Interface wg2 may have been left with an inconsistent configuration, please check.
[  384.174112][T14725] team0: Port device team_slave_0 added
[  384.177544][T14725] team0: Port device team_slave_1 added
[  384.222032][T14750] netlink: 'syz.5.2265': attribute type 10 has an invalid length.
[  384.225467][T14750] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2265'.
[  384.247426][   T40] audit: type=1804 audit(1756557279.592:5704): pid=14751 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2262" name="/newroot/536/bus" dev="tmpfs" ino=2889 res=1 errno=0
[  384.251001][T14750] team0: Port device geneve0 added
[  384.266798][T14725] batman_adv: batadv0: Adding interface: batadv_slave_0
[  384.269236][T14725] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  384.277179][T14725] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  384.285247][T14725] batman_adv: batadv0: Adding interface: batadv_slave_1
[  384.287832][T14725] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  384.296705][T14725] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  384.417007][T14725] hsr_slave_0: entered promiscuous mode
[  384.426710][T14725] hsr_slave_1: entered promiscuous mode
[  384.430054][T14725] debugfs: 'hsr0' already exists in 'hsr'
[  384.432686][T14725] Cannot create hsr debugfs directory
[  384.484411][T14760] FAULT_INJECTION: forcing a failure.
[  384.484411][T14760] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  384.489099][T14760] CPU: 1 UID: 0 PID: 14760 Comm: syz.5.2269 Not tainted syzkaller #0 PREEMPT(full) 
[  384.489114][T14760] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  384.489121][T14760] Call Trace:
[  384.489125][T14760]  <TASK>
[  384.489130][T14760]  dump_stack_lvl+0x16c/0x1f0
[  384.489148][T14760]  should_fail_ex+0x512/0x640
[  384.489166][T14760]  _copy_from_user+0x2e/0xd0
[  384.489183][T14760]  snd_pcm_oss_write2+0x1c2/0x410
[  384.489196][T14760]  ? __pfx_snd_pcm_oss_write2+0x10/0x10
[  384.489206][T14760]  ? snd_pcm_kernel_ioctl+0x267/0x2e0
[  384.489220][T14760]  ? snd_pcm_oss_prepare+0x11e/0x220
[  384.489240][T14760]  snd_pcm_oss_write+0x711/0xa10
[  384.489252][T14760]  ? security_file_permission+0x71/0x210
[  384.489269][T14760]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  384.489280][T14760]  vfs_write+0x2a0/0x11d0
[  384.489297][T14760]  ? __pfx_vfs_write+0x10/0x10
[  384.489308][T14760]  ? find_held_lock+0x2b/0x80
[  384.489319][T14760]  ? __fget_files+0x204/0x3c0
[  384.489334][T14760]  ? __fget_files+0x20e/0x3c0
[  384.489344][T14760]  ? handle_mm_fault+0x200/0xd10
[  384.489359][T14760]  ksys_write+0x12a/0x250
[  384.489384][T14760]  ? __pfx_ksys_write+0x10/0x10
[  384.489398][T14760]  ? rcu_is_watching+0x12/0xc0
[  384.489411][T14760]  __do_fast_syscall_32+0x7c/0x3a0
[  384.489428][T14760]  do_fast_syscall_32+0x32/0x80
[  384.489443][T14760]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  384.489456][T14760] RIP: 0023:0xf705e579
[  384.489465][T14760] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  384.489476][T14760] RSP: 002b:00000000f544e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  384.489486][T14760] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800012c0
[  384.489494][T14760] RDX: 0000000000004000 RSI: 0000000000000000 RDI: 0000000000000000
[  384.489500][T14760] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  384.489506][T14760] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  384.489513][T14760] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  384.489526][T14760]  </TASK>
[  384.563268][    C1] vkms_vblank_simulate: vblank timer overrun
[  384.698828][T14725] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  384.788006][T14725] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  384.860022][T14725] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  384.929670][T14725] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  385.051779][T14725] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  385.056357][T14725] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  385.062191][T14725] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  385.066760][T14725] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  385.117834][T14725] 8021q: adding VLAN 0 to HW filter on device bond0
[  385.127837][T14725] 8021q: adding VLAN 0 to HW filter on device team0
[  385.134306][ T7015] bridge0: port 1(bridge_slave_0) entered blocking state
[  385.136587][ T7015] bridge0: port 1(bridge_slave_0) entered forwarding state
[  385.147653][ T7008] bridge0: port 2(bridge_slave_1) entered blocking state
[  385.150047][ T7008] bridge0: port 2(bridge_slave_1) entered forwarding state
[  385.285958][T14725] 8021q: adding VLAN 0 to HW filter on device batadv0
[  385.312931][T14725] veth0_vlan: entered promiscuous mode
[  385.315522][   T40] audit: type=1326 audit(1756557280.705:5705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14786 comm="syz.1.2276" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x7ffc0000
[  385.321523][T14725] veth1_vlan: entered promiscuous mode
[  385.324408][   T40] audit: type=1326 audit(1756557280.705:5706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14786 comm="syz.1.2276" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x7ffc0000
[  385.342955][T14725] veth0_macvtap: entered promiscuous mode
[  385.348182][T14725] veth1_macvtap: entered promiscuous mode
[  385.358569][T14725] batman_adv: batadv0: Interface activated: batadv_slave_0
[  385.363590][T14792] FAULT_INJECTION: forcing a failure.
[  385.363590][T14792] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  385.367843][T14792] CPU: 1 UID: 0 PID: 14792 Comm: syz.1.2277 Not tainted syzkaller #0 PREEMPT(full) 
[  385.367859][T14792] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  385.367866][T14792] Call Trace:
[  385.367871][T14792]  <TASK>
[  385.367876][T14792]  dump_stack_lvl+0x16c/0x1f0
[  385.367895][T14792]  should_fail_ex+0x512/0x640
[  385.367913][T14792]  _copy_from_user+0x2e/0xd0
[  385.367930][T14792]  snd_pcm_oss_write2+0x1c2/0x410
[  385.367943][T14792]  ? __pfx_snd_pcm_oss_write2+0x10/0x10
[  385.367953][T14792]  ? snd_pcm_kernel_ioctl+0x267/0x2e0
[  385.367967][T14792]  ? snd_pcm_oss_prepare+0x11e/0x220
[  385.367985][T14792]  snd_pcm_oss_write+0x711/0xa10
[  385.367998][T14792]  ? security_file_permission+0x71/0x210
[  385.368015][T14792]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  385.368026][T14792]  vfs_write+0x2a0/0x11d0
[  385.368042][T14792]  ? __pfx_vfs_write+0x10/0x10
[  385.368053][T14792]  ? find_held_lock+0x2b/0x80
[  385.368065][T14792]  ? __fget_files+0x204/0x3c0
[  385.368079][T14792]  ? __fget_files+0x20e/0x3c0
[  385.368089][T14792]  ? handle_mm_fault+0x200/0xd10
[  385.368104][T14792]  ksys_write+0x12a/0x250
[  385.368116][T14792]  ? __pfx_ksys_write+0x10/0x10
[  385.368129][T14792]  ? rcu_is_watching+0x12/0xc0
[  385.368130][T14725] batman_adv: batadv0: Interface activated: batadv_slave_1
[  385.368143][T14792]  __do_fast_syscall_32+0x7c/0x3a0
[  385.368159][T14792]  do_fast_syscall_32+0x32/0x80
[  385.368174][T14792]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  385.368187][T14792] RIP: 0023:0xf7f21579
[  385.368196][T14792] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  385.368207][T14792] RSP: 002b:00000000f544655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  385.368218][T14792] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800012c0
[  385.368225][T14792] RDX: 0000000000004000 RSI: 0000000000000000 RDI: 0000000000000000
[  385.368231][T14792] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  385.368237][T14792] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  385.368244][T14792] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  385.368256][T14792]  </TASK>
[  385.460879][ T7015] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  385.468833][ T7015] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  385.474307][ T7015] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  385.479528][ T7015] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  385.517827][ T7011] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  385.521059][ T7011] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  385.540036][ T1142] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  385.542579][ T1142] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  385.576568][T14803] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2258'.
[  385.639842][ T5979] Bluetooth: hci4: command tx timeout
[  386.510758][T14828] FAULT_INJECTION: forcing a failure.
[  386.510758][T14828] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  386.515583][T14828] CPU: 0 UID: 0 PID: 14828 Comm: syz.1.2285 Not tainted syzkaller #0 PREEMPT(full) 
[  386.515598][T14828] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  386.515605][T14828] Call Trace:
[  386.515609][T14828]  <TASK>
[  386.515614][T14828]  dump_stack_lvl+0x16c/0x1f0
[  386.515633][T14828]  should_fail_ex+0x512/0x640
[  386.515651][T14828]  _copy_from_user+0x2e/0xd0
[  386.515669][T14828]  snd_pcm_oss_write2+0x1c2/0x410
[  386.515682][T14828]  ? __pfx_snd_pcm_oss_write2+0x10/0x10
[  386.515692][T14828]  ? snd_pcm_kernel_ioctl+0x267/0x2e0
[  386.515705][T14828]  ? snd_pcm_oss_prepare+0x11e/0x220
[  386.515724][T14828]  snd_pcm_oss_write+0x711/0xa10
[  386.515736][T14828]  ? security_file_permission+0x71/0x210
[  386.515758][T14828]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  386.515773][T14828]  vfs_write+0x2a0/0x11d0
[  386.515797][T14828]  ? __pfx_vfs_write+0x10/0x10
[  386.515816][T14828]  ? find_held_lock+0x2b/0x80
[  386.515836][T14828]  ? __fget_files+0x204/0x3c0
[  386.515856][T14828]  ? __fget_files+0x20e/0x3c0
[  386.515866][T14828]  ? handle_mm_fault+0x200/0xd10
[  386.515882][T14828]  ksys_write+0x12a/0x250
[  386.515894][T14828]  ? __pfx_ksys_write+0x10/0x10
[  386.515908][T14828]  ? rcu_is_watching+0x12/0xc0
[  386.515921][T14828]  __do_fast_syscall_32+0x7c/0x3a0
[  386.515938][T14828]  do_fast_syscall_32+0x32/0x80
[  386.515966][T14828]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  386.515981][T14828] RIP: 0023:0xf7f21579
[  386.515990][T14828] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  386.516001][T14828] RSP: 002b:00000000f544655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  386.516013][T14828] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800012c0
[  386.516020][T14828] RDX: 0000000000004000 RSI: 0000000000000000 RDI: 0000000000000000
[  386.516026][T14828] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  386.516033][T14828] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  386.516039][T14828] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  386.516053][T14828]  </TASK>
[  386.971702][ T6061] libceph: connect (1)[c::]:6789 error -101
[  387.087624][ T6061] libceph: mon0 (1)[c::]:6789 connect error
[  387.214449][   T40] audit: type=1400 audit(1756557282.710:5707): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=14843 comm="syz.2.2289"
[  387.335500][ T6061] libceph: connect (1)[c::]:6789 error -101
[  387.337788][ T6061] libceph: mon0 (1)[c::]:6789 connect error
[  387.432858][T14838] ceph: No mds server is up or the cluster is laggy
[  387.464481][T14850] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2291'.
[  387.574274][T14854] netlink: 224 bytes leftover after parsing attributes in process `syz.5.2293'.
[  387.577647][T14854] fuse: Unknown parameter 'rde'
[  387.611894][ T5979] Bluetooth: hci4: command tx timeout
[  387.708222][T14862] FAULT_INJECTION: forcing a failure.
[  387.708222][T14862] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  387.712581][T14862] CPU: 2 UID: 0 PID: 14862 Comm: syz.5.2295 Not tainted syzkaller #0 PREEMPT(full) 
[  387.712602][T14862] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  387.712612][T14862] Call Trace:
[  387.712620][T14862]  <TASK>
[  387.712628][T14862]  dump_stack_lvl+0x16c/0x1f0
[  387.712656][T14862]  should_fail_ex+0x512/0x640
[  387.712684][T14862]  _copy_from_user+0x2e/0xd0
[  387.712709][T14862]  snd_pcm_oss_write2+0x1c2/0x410
[  387.712731][T14862]  ? __pfx_snd_pcm_oss_write2+0x10/0x10
[  387.712745][T14862]  ? snd_pcm_kernel_ioctl+0x267/0x2e0
[  387.712769][T14862]  ? snd_pcm_oss_prepare+0x11e/0x220
[  387.712805][T14862]  snd_pcm_oss_write+0x711/0xa10
[  387.712824][T14862]  ? security_file_permission+0x71/0x210
[  387.712852][T14862]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  387.712869][T14862]  vfs_write+0x2a0/0x11d0
[  387.712910][T14862]  ? __pfx_vfs_write+0x10/0x10
[  387.712927][T14862]  ? find_held_lock+0x2b/0x80
[  387.712946][T14862]  ? __fget_files+0x204/0x3c0
[  387.712969][T14862]  ? __fget_files+0x20e/0x3c0
[  387.712986][T14862]  ? handle_mm_fault+0x200/0xd10
[  387.713018][T14862]  ksys_write+0x12a/0x250
[  387.713041][T14862]  ? __pfx_ksys_write+0x10/0x10
[  387.713064][T14862]  ? rcu_is_watching+0x12/0xc0
[  387.713081][T14862]  __do_fast_syscall_32+0x7c/0x3a0
[  387.713097][T14862]  do_fast_syscall_32+0x32/0x80
[  387.713112][T14862]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  387.713126][T14862] RIP: 0023:0xf705e579
[  387.713136][T14862] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  387.713147][T14862] RSP: 002b:00000000f544e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  387.713158][T14862] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800012c0
[  387.713166][T14862] RDX: 0000000000004000 RSI: 0000000000000000 RDI: 0000000000000000
[  387.713173][T14862] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  387.713179][T14862] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  387.713186][T14862] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  387.713199][T14862]  </TASK>
[  387.906484][T14871] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2299'.
[  387.970792][   T34] kernel write not supported for file /snd/midiC2D0 (pid: 34 comm: kworker/3:0)
[  388.042069][T14871] team0 (unregistering): Port device team_slave_0 removed
[  388.045233][T14871] team0 (unregistering): Port device team_slave_1 removed
[  388.048259][T14871] team0 (unregistering): Port device batadv1 removed
[  388.173245][T14880] 
: renamed from bond_slave_0
[  388.400962][T14896] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  388.403398][T14896] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  388.405659][T14896] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  388.407845][T14896] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  388.410142][T14896] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  388.412166][T14896] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  388.414868][T14896] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  388.417011][T14896] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  388.419236][T14896] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  388.464534][T14897] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000)
[  388.472027][T14897] ubi: mtd0 is already attached to ubi31
[  388.691624][ T7008] team0: left allmulticast mode
[  388.693326][ T7008] team_slave_0: left allmulticast mode
[  388.695171][ T7008] team_slave_1: left allmulticast mode
[  388.696997][ T7008] team0: left promiscuous mode
[  388.698673][ T7008] team_slave_0: left promiscuous mode
[  388.706134][ T7008] team_slave_1: left promiscuous mode
[  388.708330][ T7008] bridge0: port 3(team0) entered disabled state
[  388.712389][ T7008] bridge_slave_0: left allmulticast mode
[  388.714275][ T7008] bridge_slave_0: left promiscuous mode
[  388.716182][ T7008] bridge0: port 1(bridge_slave_0) entered disabled state
[  389.165093][ T7008] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  389.168792][ T7008] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  389.172712][ T7008] bond0 (unregistering): (slave bridge_slave_1): Releasing backup interface
[  389.177237][ T7008] bond0 (unregistering): Released all slaves
[  389.289826][ T7008] bond1 (unregistering): Released all slaves
[  389.362747][ T7008] tipc: Disabling bearer <udp:s>
[  389.370811][ T7008] tipc: Disabling bearer <eth:team0>
[  389.376932][ T7008] tipc: Left network mode
[  389.468571][T14925] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2314'.
[  389.593421][ T5979] Bluetooth: hci4: command tx timeout
[  389.609744][T14932] fuse: Unknown parameter '�'
[  389.772534][T14942] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2319'.
[  389.838139][ T7008] hsr_slave_0: left promiscuous mode
[  389.840821][ T7008] hsr_slave_1: left promiscuous mode
[  389.844805][ T7008] batman_adv: batadv0: Removing interface: batadv_slave_0
[  389.847595][ T7008] batman_adv: batadv0: Removing interface: batadv_slave_1
[  390.314129][T14959] warn_alloc: 3 callbacks suppressed
[  390.314184][T14959] syz.3.2321: page allocation failure: order:10, mode:0x40dc0(GFP_KERNEL|__GFP_ZERO|__GFP_COMP), nodemask=(null),cpuset=syz3,mems_allowed=0-1
[  390.323025][T14959] CPU: 1 UID: 0 PID: 14959 Comm: syz.3.2321 Not tainted syzkaller #0 PREEMPT(full) 
[  390.323067][T14959] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  390.323080][T14959] Call Trace:
[  390.323089][T14959]  <TASK>
[  390.323098][T14959]  dump_stack_lvl+0x16c/0x1f0
[  390.323129][T14959]  warn_alloc+0x248/0x3a0
[  390.323154][T14959]  ? __pfx_warn_alloc+0x10/0x10
[  390.323175][T14959]  ? psi_memstall_leave+0x1e6/0x2d0
[  390.323199][T14959]  ? __alloc_pages_direct_compact+0x466/0x580
[  390.323224][T14959]  ? __pfx___alloc_pages_direct_compact+0x10/0x10
[  390.323249][T14959]  ? trace_irq_enable.constprop.0+0x2f/0x120
[  390.323282][T14959]  ? psi_memstall_leave+0x3b/0x2d0
[  390.323309][T14959]  __alloc_frozen_pages_noprof+0xea2/0x23f0
[  390.323346][T14959]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  390.323370][T14959]  ? __pfx___schedule+0x10/0x10
[  390.323404][T14959]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  390.323433][T14959]  ? policy_nodemask+0xea/0x4e0
[  390.323460][T14959]  alloc_pages_mpol+0x1fb/0x550
[  390.323486][T14959]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  390.323517][T14959]  ? comedi_compat_ioctl+0x406/0x990
[  390.323539][T14959]  ___kmalloc_large_node+0xed/0x160
[  390.323571][T14959]  ? comedi_compat_ioctl+0x406/0x990
[  390.323591][T14959]  __kmalloc_large_node_noprof+0x1c/0x70
[  390.323622][T14959]  __kmalloc_noprof.cold+0xc/0x61
[  390.323656][T14959]  comedi_compat_ioctl+0x406/0x990
[  390.323678][T14959]  ? __pfx_comedi_compat_ioctl+0x10/0x10
[  390.323701][T14959]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  390.323729][T14959]  ? do_vfs_ioctl+0x128/0x14f0
[  390.323758][T14959]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  390.323794][T14959]  ? find_held_lock+0x2b/0x80
[  390.323819][T14959]  ? hook_file_ioctl_common+0x145/0x410
[  390.323850][T14959]  ? __fget_files+0x20e/0x3c0
[  390.323869][T14959]  ? __ia32_compat_sys_openat+0x160/0x210
[  390.323894][T14959]  ? __pfx_comedi_compat_ioctl+0x10/0x10
[  390.323919][T14959]  __ia32_compat_sys_ioctl+0x242/0x370
[  390.323955][T14959]  __do_fast_syscall_32+0x7c/0x3a0
[  390.323986][T14959]  do_fast_syscall_32+0x32/0x80
[  390.324011][T14959]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  390.324034][T14959] RIP: 0023:0xf703e579
[  390.324049][T14959] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  390.324066][T14959] RSP: 002b:00000000f53ec55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  390.324085][T14959] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 000000008008640b
[  390.324097][T14959] RDX: 0000000080113800 RSI: 0000000000000000 RDI: 0000000000000000
[  390.324109][T14959] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  390.324121][T14959] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  390.324133][T14959] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  390.324159][T14959]  </TASK>
[  390.324291][T14959] Mem-Info:
[  390.459591][T14959] active_anon:8166 inactive_anon:6057 isolated_anon:0
[  390.459591][T14959]  active_file:10467 inactive_file:5857 isolated_file:0
[  390.459591][T14959]  unevictable:1768 dirty:218 writeback:0
[  390.459591][T14959]  slab_reclaimable:6890 slab_unreclaimable:73765
[  390.459591][T14959]  mapped:30613 shmem:11001 pagetables:1358
[  390.459591][T14959]  sec_pagetables:319 bounce:0
[  390.459591][T14959]  kernel_misc_reclaimable:0
[  390.459591][T14959]  free:56234 free_pcp:197 free_cma:0
[  390.473514][T14959] Node 0 active_anon:212kB inactive_anon:212kB active_file:4kB inactive_file:16kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:16kB dirty:12kB writeback:0kB shmem:3744kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:8520kB pagetables:1940kB sec_pagetables:1136kB all_unreclaimable? yes Balloon:0kB
[  390.483295][T14959] Node 1 active_anon:32452kB inactive_anon:24016kB active_file:41864kB inactive_file:23412kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:122436kB dirty:860kB writeback:0kB shmem:40260kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:2048kB kernel_stack:6744kB pagetables:3492kB sec_pagetables:140kB all_unreclaimable? no Balloon:0kB
[  390.493306][T14959] Node 0 DMA free:2256kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:8kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  390.517370][T14959] lowmem_reserve[]: 0 288 288 288 288
[  390.519119][T14959] Node 0 DMA32 free:27900kB boost:2048kB min:15268kB low:18572kB high:21876kB reserved_highatomic:2048KB free_highatomic:388KB active_anon:212kB inactive_anon:204kB active_file:4kB inactive_file:16kB unevictable:3536kB writepending:12kB present:1032196kB managed:295136kB mlocked:0kB bounce:0kB free_pcp:1136kB local_pcp:1080kB free_cma:0kB
[  390.528951][T14959] lowmem_reserve[]: 0 0 0 0 0
[  390.530445][T14959] Node 1 DMA32 free:184868kB boost:0kB min:47140kB low:58924kB high:70708kB reserved_highatomic:2048KB free_highatomic:2048KB active_anon:32452kB inactive_anon:24016kB active_file:41864kB inactive_file:23412kB unevictable:3536kB writepending:860kB present:1048432kB managed:948220kB mlocked:0kB bounce:0kB free_pcp:8764kB local_pcp:8204kB free_cma:0kB
[  390.541130][T14959] lowmem_reserve[]: 0 0 0 0 0
[  390.542736][T14959] Node 0 DMA: 16*4kB (UM) 9*8kB (UM) 8*16kB (M) 13*32kB (UM) 5*64kB (UM) 2*128kB (M) 2*256kB (M) 1*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 2280kB
[  390.547692][T14959] Node 0 DMA32: 501*4kB (UMEH) 391*8kB (UMEH) 149*16kB (UM) 243*32kB (UMEH) 71*64kB (UMH) 22*128kB (UM) 10*256kB (M) 3*512kB (M) 1*1024kB (U) 0*2048kB 0*4096kB = 27772kB
[  390.552967][T14959] Node 1 DMA32: 2114*4kB (UME) 728*8kB (UME) 277*16kB (UME) 289*32kB (UME) 67*64kB (UME) 85*128kB (UME) 64*256kB (UME) 85*512kB (UME) 60*1024kB (UM) 10*2048kB (UMH) 0*4096kB = 184952kB
[  390.558610][T14959] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  390.561766][T14959] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  390.565178][T14959] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  390.568087][T14959] Node 1 hugepages_total=5 hugepages_free=0 hugepages_surp=1 hugepages_size=2048kB
[  390.571658][T14959] 27913 total pagecache pages
[  390.573092][T14959] 570 pages in swap cache
[  390.576722][T14959] Free swap  = 98128kB
[  390.578344][T14959] Total swap = 124996kB
[  390.579808][T14959] 524155 pages RAM
[  390.581245][T14959] 0 pages HighMem/MovableOnly
[  390.583089][T14959] 209476 pages reserved
[  390.584452][T14959] 0 pages cma reserved
[  390.968627][ T7008] team0 (unregistering): Port device team_slave_1 removed
[  391.077960][ T7008] team0 (unregistering): Port device team_slave_0 removed
[  391.574719][ T5979] Bluetooth: hci4: command tx timeout
[  392.190373][T14998] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2333'.
[  393.193310][T15004] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  393.196851][T15004] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  393.320036][ T6062] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  393.968362][T15032] net_ratelimit: 67 callbacks suppressed
[  393.968374][T15032] openvswitch: netlink: nsh attribute has 8 unknown bytes.
[  394.613731][T15047] tipc: Started in network mode
[  394.615246][T15047] tipc: Node identity c, cluster identity 4711
[  394.617091][T15047] tipc: Node number set to 12
[  399.874536][T15070] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  399.877149][T15070] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  399.880095][T15070] vhci_hcd vhci_hcd.0: Device attached
[  399.884407][T15072] vhci_hcd: connection closed
[  399.884570][ T7011] vhci_hcd: stop threads
[  399.888973][ T7011] vhci_hcd: release socket
[  399.891552][ T7011] vhci_hcd: disconnect device
[  399.964147][T15084] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  399.966282][T15084] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  399.970027][T15084] vhci_hcd vhci_hcd.0: Device attached
[  400.147402][ T6061] vhci_hcd: vhci_device speed not set
[  400.161717][T15088] netlink: 'syz.5.2350': attribute type 1 has an invalid length.
[  400.180444][T15088] bond3: (slave gretap1): making interface the new active one
[  400.183407][T15088] bond3: (slave gretap1): Enslaving as an active interface with an up link
[  400.214049][ T6061] usb 43-1: new high-speed USB device number 4 using vhci_hcd
[  400.357838][T15085] vhci_hcd: connection reset by peer
[  400.359847][   T73] vhci_hcd: stop threads
[  400.365981][   T73] vhci_hcd: release socket
[  400.368013][   T73] vhci_hcd: disconnect device
[  400.393119][T15093] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(12)
[  400.395251][T15093] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  400.397880][T15093] vhci_hcd vhci_hcd.0: Device attached
[  400.403024][T15094] vhci_hcd: connection closed
[  400.403254][   T73] vhci_hcd: stop threads
[  400.407255][   T73] vhci_hcd: release socket
[  400.409197][   T73] vhci_hcd: disconnect device
[  400.914835][T15097] netlink: 'syz.2.2353': attribute type 10 has an invalid length.
[  400.918198][T15097] syz_tun: entered promiscuous mode
[  400.925883][T15097] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  400.926666][ T7021] __ib_cache_gid_add: unable to add gid fe80:0000:0000:0000:a8aa:aaff:feaa:aaaa error=-28
[  401.197530][T15104] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[  401.200042][T15104] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  401.202837][T15104] vhci_hcd vhci_hcd.0: Device attached
[  401.224825][T15104] ieee802154 phy0 wpan0: encryption failed: -22
[  401.442800][   T53] usb 41-1: new high-speed USB device number 3 using vhci_hcd
[  401.757161][T15105] vhci_hcd: connection reset by peer
[  401.759132][   T73] vhci_hcd: stop threads
[  401.760879][   T73] vhci_hcd: release socket
[  401.762428][   T73] vhci_hcd: disconnect device
[  402.745111][T15124] fuse: Unknown parameter 'uid>00000000000000000000'
[  403.175427][T15138] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  403.892327][T15152] could not allocate digest TFM handle sha1-ssse3
[  403.899133][T15152] syz_tun: entered promiscuous mode
[  403.901671][T15152] batadv_slave_0: entered promiscuous mode
[  403.937688][T15158] fuse: Unknown parameter '�ser_id'
[  403.940866][T15158] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2369'.
[  404.032228][T15166] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2371'.
[  404.982368][T15183] lo speed is unknown, defaulting to 1000
[  405.062528][ T6061] vhci_hcd: vhci_device speed not set
[  405.223618][T15200] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2380'.
[  405.232301][T15200] openvswitch: netlink: push_nsh: missing base or metadata attributes
[  405.236628][T15200] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  405.506662][T15207] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(5)
[  405.509262][T15207] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  405.513671][T15207] vhci_hcd vhci_hcd.0: Device attached
[  405.519604][T15207] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2382'.
[  405.678117][T15208] vhci_hcd: connection closed
[  405.678303][ T7011] vhci_hcd: stop threads
[  405.681342][ T7011] vhci_hcd: release socket
[  405.683053][ T7011] vhci_hcd: disconnect device
[  405.691594][ T5983] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  405.835826][ T5983] usb 6-1: config index 0 descriptor too short (expected 39, got 27)
[  405.839209][ T5983] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  405.843066][ T5983] usb 6-1: config 0 interface 0 has no altsetting 0
[  405.847546][ T5983] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  405.851055][ T5983] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  405.854882][ T5983] usb 6-1: Product: syz
[  405.856516][ T5983] usb 6-1: Manufacturer: syz
[  405.858318][ T5983] usb 6-1: SerialNumber: syz
[  405.861512][ T5983] usb 6-1: config 0 descriptor??
[  405.864558][ T5983] hub 6-1:0.0: bad descriptor, ignoring hub
[  405.866889][ T5983] hub 6-1:0.0: probe with driver hub failed with error -5
[  405.871263][ T5983] usb 6-1: selecting invalid altsetting 0
[  406.189212][   T29] usb 6-1: USB disconnect, device number 18
[  406.377372][   T53] vhci_hcd: vhci_device speed not set
[  406.467650][T15231] binder: 15222:15231 ioctl c018620c 80000380 returned -22
[  406.503711][T15231] netlink: 'syz.1.2386': attribute type 10 has an invalid length.
[  406.637606][T15230] sctp: [Deprecated]: syz.5.2388 (pid 15230) Use of int in max_burst socket option deprecated.
[  406.637606][T15230] Use struct sctp_assoc_value instead
[  407.635482][T15251] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2393'.
[  407.690802][T15264] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2397'.
[  407.694295][T15264] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2397'.
[  407.719448][T15267] overlayfs: missing 'lowerdir'
[  407.720129][T15268] overlayfs: missing 'lowerdir'
[  407.857135][   T40] audit: type=1326 audit(1756557304.378:5708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15269 comm="syz.1.2399" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x7ffc0000
[  407.864028][   T40] audit: type=1326 audit(1756557304.378:5709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15269 comm="syz.1.2399" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x7ffc0000
[  407.870724][   T40] audit: type=1326 audit(1756557304.378:5710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15269 comm="syz.1.2399" exe="/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf7f21579 code=0x7ffc0000
[  407.875187][T15276] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2400'.
[  407.879704][   T40] audit: type=1326 audit(1756557304.378:5711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15269 comm="syz.1.2399" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x7ffc0000
[  407.887188][   T40] audit: type=1326 audit(1756557304.378:5712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15269 comm="syz.1.2399" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x7ffc0000
[  407.895243][   T40] audit: type=1326 audit(1756557304.378:5713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15269 comm="syz.1.2399" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7f21579 code=0x7ffc0000
[  407.901977][   T40] audit: type=1326 audit(1756557304.378:5714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15269 comm="syz.1.2399" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x7ffc0000
[  407.908682][   T40] audit: type=1326 audit(1756557304.378:5715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15269 comm="syz.1.2399" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf7f21579 code=0x7ffc0000
[  407.916187][   T40] audit: type=1326 audit(1756557304.378:5716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15269 comm="syz.1.2399" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f21579 code=0x7ffc0000
[  407.923238][   T40] audit: type=1326 audit(1756557304.378:5717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15269 comm="syz.1.2399" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7f21579 code=0x7ffc0000
[  408.002569][T15276] team0 (unregistering): Port device team_slave_0 removed
[  408.007931][T15276] team0 (unregistering): Port device team_slave_1 removed
[  409.469974][T15311] /dev/sr0: Can't open blockdev
[  409.496283][T15313] QAT: failed to copy from user cfg_data.
[  409.950828][T15327] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2412'.
[  409.953664][T15327] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2412'.
[  410.074089][T15323] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2411'.
[  410.831024][T15335] lo speed is unknown, defaulting to 1000
[  410.852319][T15337] v: renamed from ip6_vti0
[  410.912327][T15336] lo speed is unknown, defaulting to 1000
[  411.131400][T15344] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2417'.
[  411.347528][  T840] kernel read not supported for file inotify (pid: 840 comm: kworker/3:2)
[  412.197095][    C3] sr 2:0:0:0: [sr0] tag#17 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  412.200776][    C3] sr 2:0:0:0: [sr0] tag#17 CDB: Access control out 87 ec 90 12 2d 8b 69 52 9b 72 36 5c
[  412.269382][T15394] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2430'.
[  412.372170][T15396] lo speed is unknown, defaulting to 1000
[  412.462609][T15396] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2432'.
[  412.652544][T15400] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  412.872266][T15415] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[  412.874434][T15415] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  412.879017][T15415] vhci_hcd vhci_hcd.0: Device attached
[  413.192128][T15418] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2436'.
[  413.788350][ T6061] usb 40-1: SetAddress Request (6) to port 0
[  413.808414][T15429] netlink: 228 bytes leftover after parsing attributes in process `syz.3.2438'.
[  413.887164][ T6061] usb 40-1: new SuperSpeed USB device number 6 using vhci_hcd
[  414.032448][T15416] vhci_hcd: connection reset by peer
[  414.034462][T10022] vhci_hcd: stop threads
[  414.036222][T10022] vhci_hcd: release socket
[  414.038595][T10022] vhci_hcd: disconnect device
[  415.029435][T15447] netlink: 'syz.3.2442': attribute type 1 has an invalid length.
[  415.050753][T15456] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[  415.052841][T15456] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  415.055753][T15456] vhci_hcd vhci_hcd.0: Device attached
[  415.131440][   T29] usb 10-1: new high-speed USB device number 10 using dummy_hcd
[  415.142737][T15468] netlink: 'syz.2.2448': attribute type 5 has an invalid length.
[  415.369121][   T29] usb 10-1: Using ep0 maxpacket: 8
[  415.372182][   T29] usb 10-1: config 168 descriptor has 1 excess byte, ignoring
[  415.374634][   T29] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  415.378176][   T29] usb 10-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  415.382000][   T29] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  415.385506][   T29] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  415.390166][   T29] usb 10-1: config 168 descriptor has 1 excess byte, ignoring
[  415.392629][   T29] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  415.396163][   T29] usb 10-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  415.399938][   T29] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  415.403508][   T29] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  415.408314][   T29] usb 10-1: config 168 descriptor has 1 excess byte, ignoring
[  415.410772][   T29] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  415.414501][   T29] usb 10-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  415.418353][   T29] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  415.421827][   T29] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  415.429523][   T29] usb 10-1: string descriptor 0 read error: -22
[  415.431823][   T29] usb 10-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  415.434918][   T29] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  415.516981][   T29] adutux 10-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  415.692206][T15458] vhci_hcd: connection closed
[  415.692533][ T7017] vhci_hcd: stop threads
[  415.695741][ T7017] vhci_hcd: release socket
[  415.697721][ T7017] vhci_hcd: disconnect device
[  415.704062][T15453] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  415.706938][T15453] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  415.744555][   T34] usb 10-1: USB disconnect, device number 10
[  416.278396][   T34] Process accounting resumed
[  416.331815][T15484] nbd3: detected capacity change from 0 to 1024
[  416.387400][T15491] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2454'.
[  416.410418][T15491] vxlan0: entered promiscuous mode
[  416.416337][ T7017] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  416.419949][ T7017] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  416.422823][ T7017] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  416.425621][ T7017] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  416.842803][ T5986] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  416.851278][ T5986] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  416.867383][ T5986] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  416.880101][ T5986] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  416.882860][T11818] bond0: (slave syz_tun): Releasing backup interface
[  416.883022][ T5986] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  416.890466][ T7019] smc: removing ib device syz1
[  416.912029][T15495] lo speed is unknown, defaulting to 1000
[  417.043889][T15484] block nbd3: shutting down sockets
[  417.111958][T15495] chnl_net:caif_netlink_parms(): no params data found
[  417.344533][T15495] bridge0: port 1(bridge_slave_0) entered blocking state
[  417.346806][T15495] bridge0: port 1(bridge_slave_0) entered disabled state
[  417.349083][T15495] bridge_slave_0: entered allmulticast mode
[  417.352199][T15495] bridge_slave_0: entered promiscuous mode
[  417.355493][T15495] bridge0: port 2(bridge_slave_1) entered blocking state
[  417.358544][T15495] bridge0: port 2(bridge_slave_1) entered disabled state
[  417.362312][T15495] bridge_slave_1: entered allmulticast mode
[  417.366467][T15495] bridge_slave_1: entered promiscuous mode
[  417.370229][T15508] netlink: 'syz.5.2458': attribute type 10 has an invalid length.
[  417.424194][T15508] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link
[  417.473388][T15495] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  417.479811][T15495] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  417.556670][T15495] team0: Port device team_slave_0 added
[  417.561221][T15495] team0: Port device team_slave_1 added
[  417.629432][T15495] batman_adv: batadv0: Adding interface: batadv_slave_0
[  417.631689][T15495] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  417.639851][T15495] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  417.644116][T15495] batman_adv: batadv0: Adding interface: batadv_slave_1
[  417.646830][T15495] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  417.654732][T15495] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  417.695818][T15495] hsr_slave_0: entered promiscuous mode
[  417.698136][T15495] hsr_slave_1: entered promiscuous mode
[  417.700243][T15495] debugfs: 'hsr0' already exists in 'hsr'
[  417.702165][T15495] Cannot create hsr debugfs directory
[  417.801180][T15495] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  417.805111][T15495] netdevsim netdevsim2 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  417.879942][T15495] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  417.883459][T15495] netdevsim netdevsim2 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  417.949186][T15495] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  417.952884][T15495] netdevsim netdevsim2 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  418.036110][T15495] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0
[  418.039719][T15495] netdevsim netdevsim2 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0
[  418.076820][T15511] ieee802154 phy0 wpan0: encryption failed: -22
[  418.171758][T15495] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  418.176919][T15495] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  418.184528][T15495] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  418.191132][T15495] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  418.242498][T15495] 8021q: adding VLAN 0 to HW filter on device bond0
[  418.253897][T15495] 8021q: adding VLAN 0 to HW filter on device team0
[  418.260243][T10022] bridge0: port 1(bridge_slave_0) entered blocking state
[  418.262670][T10022] bridge0: port 1(bridge_slave_0) entered forwarding state
[  418.270561][ T7019] bridge0: port 2(bridge_slave_1) entered blocking state
[  418.272900][ T7019] bridge0: port 2(bridge_slave_1) entered forwarding state
[  418.413905][T15495] 8021q: adding VLAN 0 to HW filter on device batadv0
[  418.450846][T15495] veth0_vlan: entered promiscuous mode
[  418.461769][T15495] veth1_vlan: entered promiscuous mode
[  418.525068][T15495] veth0_macvtap: entered promiscuous mode
[  418.531135][T15495] veth1_macvtap: entered promiscuous mode
[  418.548839][T15495] batman_adv: batadv0: Interface activated: batadv_slave_0
[  418.558246][T15495] batman_adv: batadv0: Interface activated: batadv_slave_1
[  418.564584][T10022] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  418.567736][T10022] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  418.574013][T10022] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  418.577114][T10022] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  418.623480][T10022] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  418.625997][T10022] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  418.644782][ T7017] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  418.648079][ T7017] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  418.713078][ T6061] usb 40-1: device descriptor read/8, error -110
[  418.856040][ T5979] Bluetooth: hci0: command tx timeout
[  418.965718][T15531] lo speed is unknown, defaulting to 1000
[  419.443087][ T6061] usb usb40-port1: attempt power cycle
[  419.726339][T15539] : entered promiscuous mode
[  419.747156][T15545] lo speed is unknown, defaulting to 1000
[  419.999356][ T6061] usb usb40-port1: unable to enumerate USB device
[  420.837405][ T5979] Bluetooth: hci0: command tx timeout
[  422.138678][T15593] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2474'.
[  422.207864][T15601] netlink: 14 bytes leftover after parsing attributes in process `syz.3.2476'.
[  422.208088][T15602] netlink: 14 bytes leftover after parsing attributes in process `syz.3.2476'.
[  422.322054][T15601] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  422.330399][T15601] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  422.338860][T15601] bond0 (unregistering): Released all slaves
[  422.527917][   T40] kauditd_printk_skb: 97 callbacks suppressed
[  422.527928][   T40] audit: type=1800 audit(1756557319.778:5815): pid=15604 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2477" name="SYSV00000000" dev="tmpfs" ino=1 res=0 errno=0
[  422.762300][ T5988] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  422.765955][ T5988] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  422.768862][ T5988] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  422.782304][ T5988] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  422.785857][ T5988] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  422.826711][T15614] lo speed is unknown, defaulting to 1000
[  422.828526][ T5979] Bluetooth: hci0: command tx timeout
[  422.914171][T15632] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2482'.
[  422.970088][T15614] chnl_net:caif_netlink_parms(): no params data found
[  423.044167][T15614] bridge0: port 1(bridge_slave_0) entered blocking state
[  423.046551][T15614] bridge0: port 1(bridge_slave_0) entered disabled state
[  423.049058][T15614] bridge_slave_0: entered allmulticast mode
[  423.051669][T15614] bridge_slave_0: entered promiscuous mode
[  423.054806][T15614] bridge0: port 2(bridge_slave_1) entered blocking state
[  423.057906][T15614] bridge0: port 2(bridge_slave_1) entered disabled state
[  423.060265][T15614] bridge_slave_1: entered allmulticast mode
[  423.062898][T15614] bridge_slave_1: entered promiscuous mode
[  423.094376][T15614] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  423.101585][T15614] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  423.137111][T15614] team0: Port device team_slave_0 added
[  423.140411][T15614] team0: Port device team_slave_1 added
[  423.190277][T15614] batman_adv: batadv0: Adding interface: batadv_slave_0
[  423.192526][T15614] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  423.203506][T15614] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  423.207737][T15614] batman_adv: batadv0: Adding interface: batadv_slave_1
[  423.210841][T15614] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  423.219884][T15614] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  423.260896][T15614] hsr_slave_0: entered promiscuous mode
[  423.262999][T15614] hsr_slave_1: entered promiscuous mode
[  423.265053][T15614] debugfs: 'hsr0' already exists in 'hsr'
[  423.266984][T15614] Cannot create hsr debugfs directory
[  423.343421][T15645] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2
[  423.751544][T15614] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  423.759099][T15614] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  423.773340][T15614] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  424.204331][T15662] batadv1: entered allmulticast mode
[  424.207638][T15662] 8021q: adding VLAN 0 to HW filter on device batadv1
[  424.380670][T15614] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  424.500808][T15661] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(11)
[  424.502960][T15661] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  424.508672][T15664] vhci_hcd: connection closed
[  424.509387][T15661] vhci_hcd vhci_hcd.0: Device attached
[  424.520732][ T7017] vhci_hcd: stop threads
[  424.522249][ T7017] vhci_hcd: release socket
[  424.523925][ T7017] vhci_hcd: disconnect device
[  424.604195][T15614] 8021q: adding VLAN 0 to HW filter on device bond0
[  424.617908][T15614] 8021q: adding VLAN 0 to HW filter on device team0
[  424.627040][ T7014] bridge0: port 1(bridge_slave_0) entered blocking state
[  424.629332][ T7014] bridge0: port 1(bridge_slave_0) entered forwarding state
[  424.636556][  T216] bridge0: port 2(bridge_slave_1) entered blocking state
[  424.638823][  T216] bridge0: port 2(bridge_slave_1) entered forwarding state
[  424.801742][ T5979] Bluetooth: hci0: command tx timeout
[  424.803059][ T5988] Bluetooth: hci3: command tx timeout
[  424.842905][T15614] 8021q: adding VLAN 0 to HW filter on device batadv0
[  424.936866][T15614] veth0_vlan: entered promiscuous mode
[  424.941652][T15614] veth1_vlan: entered promiscuous mode
[  424.966691][T15614] veth0_macvtap: entered promiscuous mode
[  424.970686][T15614] veth1_macvtap: entered promiscuous mode
[  424.981199][T15614] batman_adv: batadv0: Interface activated: batadv_slave_0
[  424.987101][T15614] batman_adv: batadv0: Interface activated: batadv_slave_1
[  424.994593][ T1184] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  424.997815][ T1184] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  425.003165][ T1184] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  425.007465][ T1184] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  425.037034][ T7014] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  425.041580][ T7014] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  425.052612][ T1184] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  425.055124][ T1184] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  425.402704][   T40] audit: type=1800 audit(1756557322.802:5816): pid=15695 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2494" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[  426.022728][T15703] netlink: 'syz.1.2496': attribute type 21 has an invalid length.
[  426.355102][T15725] lo speed is unknown, defaulting to 1000
[  426.688441][T15731] netlink: 'syz.1.2502': attribute type 13 has an invalid length.
[  426.792694][ T5988] Bluetooth: hci3: command tx timeout
[  427.125011][T15731] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  427.162807][T15712] netlink: 'syz.5.2497': attribute type 10 has an invalid length.
[  427.188368][T15712] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2497'.
[  427.192455][T15712] dummy0: entered promiscuous mode
[  427.489287][T15757] netlink: 'syz.2.2508': attribute type 21 has an invalid length.
[  427.491858][T15757] netlink: 128 bytes leftover after parsing attributes in process `syz.2.2508'.
[  427.670090][T15732] random: crng reseeded on system resumption
[  427.670551][T15712] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check.
[  427.677251][T15757] netlink: 'syz.2.2508': attribute type 4 has an invalid length.
[  427.679850][T15757] netlink: 3 bytes leftover after parsing attributes in process `syz.2.2508'.
[  427.698873][T15759] batadv1: entered promiscuous mode
[  427.701352][T15759] 8021q: adding VLAN 0 to HW filter on device batadv1
[  428.038674][T15762] bridge1: entered promiscuous mode
[  428.236133][T15766] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2513'.
[  428.239125][T15766] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2513'.
[  428.248273][T15766] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2513'.
[  428.762589][ T5988] Bluetooth: hci3: command tx timeout
[  429.274299][T15782] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2517'.
[  429.421281][T15793] lo speed is unknown, defaulting to 1000
[  429.550759][T15793] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2522'.
[  429.673942][T15813] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2528'.
[  429.677633][T15813] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2528'.
[  429.681962][T15813] binder: 15812:15813 ioctl 4112 0 returned -22
[  429.713440][T15815] netlink: 'syz.2.2529': attribute type 10 has an invalid length.
[  429.717008][T15815] macvlan1: entered allmulticast mode
[  429.720633][T15815] veth1_vlan: entered allmulticast mode
[  429.725929][T15815] team0: Port device macvlan1 added
[  429.844204][T15822] fuse: Bad value for 'rootmode'
[  429.851038][    T9] Process accounting resumed
[  429.937316][T15822] Process accounting resumed
[  429.979001][T15831] fuse: Unknown parameter '�K��{E��RV��68��מ {X����'
[  429.999024][T15831] netlink: 'syz.1.2535': attribute type 25 has an invalid length.
[  430.458014][ T1022] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  430.600889][ T1022] usb 6-1: Using ep0 maxpacket: 8
[  430.604268][ T1022] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  430.616753][ T1022] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  430.619838][ T1022] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  430.629497][ T1022] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  430.632612][ T1022] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  430.636744][ T1022] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  430.639579][ T1022] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  430.744699][ T5988] Bluetooth: hci3: command tx timeout
[  430.840091][ T1022] usb 6-1: GET_CAPABILITIES returned 0
[  430.842173][ T1022] usbtmc 6-1:16.0: can't read capabilities
[  431.000689][T15842] comedi comedi0: pcl730: I/O port conflict (0x2,4)
[  431.003705][T15842] overlay: Unknown parameter 'obj_role'
[  431.123960][   T40] audit: type=1326 audit(1756557328.796:5817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15851 comm="syz.3.2541" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x0
[  431.132213][T15853] MTD: Couldn't look up './file0': -15
[  431.134805][T15853] openvswitch: netlink: Flow key attr not present in new flow.
[  431.341492][T15594] usb 6-1: USB disconnect, device number 19
[  431.510229][T15863] fuse: Unknown parameter 'appraise'
[  432.682649][T15904] siw: device registration error -23
[  433.880771][T15932] __nla_validate_parse: 2 callbacks suppressed
[  433.880783][T15932] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2562'.
[  433.887699][T15932] bridge0: port 2(bridge_slave_1) entered disabled state
[  433.890325][T15932] bridge0: port 1(bridge_slave_0) entered disabled state
[  433.944656][T15934] netlink: 'syz.1.2563': attribute type 10 has an invalid length.
[  433.952173][T15934] 8021q: adding VLAN 0 to HW filter on device team0
[  433.955867][T15934] bond0: (slave team0): Enslaving as an active interface with an up link
[  433.978063][T15934] vlan2: entered promiscuous mode
[  433.979817][T15934] team0: entered promiscuous mode
[  433.981471][T15934] team_slave_0: entered promiscuous mode
[  433.983648][T15934] team_slave_1: entered promiscuous mode
[  433.985659][T15934] vlan2: entered allmulticast mode
[  433.987340][T15934] team0: entered allmulticast mode
[  433.989050][T15934] team_slave_0: entered allmulticast mode
[  433.990860][T15934] team_slave_1: entered allmulticast mode
[  433.994973][T15934] bond0: (slave vlan2): Enslaving as an active interface with an up link
[  434.019696][T15934] bond_slave_0: entered promiscuous mode
[  434.021873][T15934] bond_slave_1: entered promiscuous mode
[  434.024628][T15934] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  434.027283][T15934] bond1: (slave macvlan2): unknown ethtool speed (60000) for port 1 (set it to 0)
[  434.032063][T15934] bond1: (slave macvlan2): speed changed to 0 on port 1
[  434.035200][T15934] bond1: (slave macvlan2): Enslaving as a backup interface with an up link
[  434.095189][T15941] Unsupported ieee802154 address type: 0
[  434.465593][T15976] netlink: 'syz.1.2572': attribute type 1 has an invalid length.
[  434.470371][T15976] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2572'.
[  434.474061][T15976] netlink: 'syz.1.2572': attribute type 10 has an invalid length.
[  434.477000][T15976] bond_slave_0: left promiscuous mode
[  434.479428][T15976] bond_slave_1: left promiscuous mode
[  434.483926][T15976] team0: Device bond0 is already an upper device of the team interface
[  434.985197][T15979] netlink: 64 bytes leftover after parsing attributes in process `syz.5.2575'.
[  435.113902][T15979] loop2: detected capacity change from 0 to 7
[  435.141322][T15979] Dev loop2: unable to read RDB block 7
[  435.143323][T15979]  loop2: unable to read partition table
[  435.145354][T15979] loop2: partition table beyond EOD, truncated
[  435.147568][T15979] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  436.853770][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  437.309149][T16039] binder: 16037:16039 unknown command 0
[  437.310911][T16039] binder: 16037:16039 ioctl c0306201 80000080 returned -22
[  437.332613][T16043] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2592'.
[  437.465530][T16064] overlayfs: failed to resolve './file1': -2
[  437.513879][T16067] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes.
[  437.726040][T16073] Invalid source name
[  437.771962][   T40] audit: type=1326 audit(1756557335.777:5818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16084 comm="syz.1.2605" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000
[  437.780768][   T40] audit: type=1326 audit(1756557335.777:5819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16084 comm="syz.1.2605" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000
[  437.788300][   T40] audit: type=1326 audit(1756557335.777:5820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16084 comm="syz.1.2605" exe="/syz-executor" sig=0 arch=40000003 syscall=224 compat=1 ip=0xf703e579 code=0x7ffc0000
[  437.796881][   T40] audit: type=1326 audit(1756557335.777:5821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16084 comm="syz.1.2605" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000
[  437.803783][   T40] audit: type=1326 audit(1756557335.788:5822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16084 comm="syz.1.2605" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000
[  437.812420][   T40] audit: type=1326 audit(1756557335.788:5823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16084 comm="syz.1.2605" exe="/syz-executor" sig=0 arch=40000003 syscall=177 compat=1 ip=0xf703e579 code=0x7ffc0000
[  437.822613][   T40] audit: type=1326 audit(1756557335.840:5824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16084 comm="syz.1.2605" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000
[  437.829696][   T40] audit: type=1326 audit(1756557335.840:5825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16084 comm="syz.1.2605" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000
[  437.837099][   T40] audit: type=1326 audit(1756557335.840:5826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16084 comm="syz.1.2605" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf703e579 code=0x7ffc0000
[  437.856073][   T40] audit: type=1326 audit(1756557335.840:5827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16084 comm="syz.1.2605" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e579 code=0x7ffc0000
[  437.872278][T16088] netlink: 32 bytes leftover after parsing attributes in process `syz.5.2604'.
[  438.626717][ T1022] libceph: connect (1)[c::]:6789 error -101
[  438.629527][ T1022] libceph: mon0 (1)[c::]:6789 connect error
[  438.824516][T16096] ceph: No mds server is up or the cluster is laggy
[  439.032931][T16122] usb usb8: usbfs: process 16122 (syz.5.2613) did not claim interface 0 before use
[  440.630815][T16136] program syz.5.2619 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  440.638777][T16136] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  441.682666][T16173] virtio-fs: tag </dev/md0> not found
[  441.775007][T16173] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2630'.
[  442.475097][ T1022] IPVS: starting estimator thread 0...
[  442.555398][T16187] IPVS: using max 41 ests per chain, 98400 per kthread
[  443.227401][T16199] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  443.229992][T16199] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  443.234853][T16199] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  443.237576][T16199] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  443.239568][T16199] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  443.243762][T16199] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  444.836091][T16273] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2653'.
[  444.841559][T16273] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2653'.
[  445.002064][T16283] fuse: Unknown parameter '����18446744073709551615��g�G'
[  445.070985][ T5979] Bluetooth: hci4: command 0x0c1a tx timeout
[  445.146717][ T5979] Bluetooth: hci3: command 0x0c1a tx timeout
[  445.308618][T16287] netlink: 'syz.2.2654': attribute type 5 has an invalid length.
[  445.412059][T16287] ip6erspan0: entered promiscuous mode
[  446.084708][T16317] lo speed is unknown, defaulting to 1000
[  447.051829][ T5979] Bluetooth: hci4: command 0x0c1a tx timeout
[  447.128202][ T5979] Bluetooth: hci3: command 0x0c1a tx timeout
[  447.215546][T16348] hsr0 speed is unknown, defaulting to 1000
[  447.217912][T16348] hsr0 speed is unknown, defaulting to 1000
[  447.220693][T16348] hsr0 speed is unknown, defaulting to 1000
[  447.257356][T16348] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  447.306799][T16348] hsr0 speed is unknown, defaulting to 1000
[  447.310917][T16348] hsr0 speed is unknown, defaulting to 1000
[  447.319259][T16348] hsr0 speed is unknown, defaulting to 1000
[  447.321912][T16348] hsr0 speed is unknown, defaulting to 1000
[  447.324450][T16348] hsr0 speed is unknown, defaulting to 1000
[  447.327164][T16348] hsr0 speed is unknown, defaulting to 1000
[  447.332080][T16348] hsr0 speed is unknown, defaulting to 1000
[  447.334663][T16348] hsr0 speed is unknown, defaulting to 1000
[  447.339301][T16348] hsr0 speed is unknown, defaulting to 1000
[  447.341970][T16348] hsr0 speed is unknown, defaulting to 1000
[  447.344564][T16348] hsr0 speed is unknown, defaulting to 1000
[  447.351689][T16348] hsr0 speed is unknown, defaulting to 1000
[  447.354253][T16348] hsr0 speed is unknown, defaulting to 1000
[  447.360307][T16348] hsr0 speed is unknown, defaulting to 1000
[  447.363001][T16348] hsr0 speed is unknown, defaulting to 1000
[  447.374836][T16350] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  447.376844][T16350] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  447.379576][T16350] vhci_hcd vhci_hcd.0: Device attached
[  447.447792][T16351] vhci_hcd: connection closed
[  447.449813][  T216] vhci_hcd: stop threads
[  447.452749][  T216] vhci_hcd: release socket
[  447.454045][  T216] vhci_hcd: disconnect device
[  447.754301][T16357] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2673'.
[  448.285559][T16375] fuse: Bad value for 'fd'
[  448.304547][T16355] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  448.307982][T16355] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  448.317327][T16378] netlink: 'syz.2.2678': attribute type 32 has an invalid length.
[  448.321388][T16378] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2678'.
[  448.325086][T16378] netlink: 'syz.2.2678': attribute type 32 has an invalid length.
[  448.358122][ T1336] libceph: connect (1)[c::]:6789 error -101
[  448.360671][ T1336] libceph: mon0 (1)[c::]:6789 connect error
[  448.460789][ T5988] Bluetooth: hci4: ACL packet for unknown connection handle 201
[  448.769341][ T5983] libceph: connect (1)[c::]:6789 error -101
[  448.773820][ T5983] libceph: mon0 (1)[c::]:6789 connect error
[  448.787092][ T1336] libceph: connect (1)[c::]:6789 error -101
[  448.789684][ T1336] libceph: mon0 (1)[c::]:6789 connect error
[  449.144865][ T5983] libceph: connect (1)[c::]:6789 error -101
[  449.152480][T16380] ceph: No mds server is up or the cluster is laggy
[  449.152493][T16397] ceph: No mds server is up or the cluster is laggy
[  449.236902][ T5983] libceph: mon0 (1)[c::]:6789 connect error
[  449.310620][T16411] tmpfs: Cannot change global quota limit on remount
[  449.500172][T16430] program syz.5.2690 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  449.566280][ T5988] Bluetooth: hci4: command 0x0c1a tx timeout
[  450.040839][T16436] overlayfs: overlapping lowerdir path
[  450.128387][ T1022] usb 10-1: new high-speed USB device number 11 using dummy_hcd
[  450.253248][ T5988] Bluetooth: hci3: command 0x0c1a tx timeout
[  450.261948][ T1022] usb 10-1: device descriptor read/64, error -71
[  450.385838][ T1336] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  450.500252][ T1022] usb 10-1: new high-speed USB device number 12 using dummy_hcd
[  450.528578][ T1336] usb 6-1: Using ep0 maxpacket: 32
[  450.532939][ T1336] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  450.539794][ T1336] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  450.543660][ T1336] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  450.546864][ T1336] usb 6-1: Product: syz
[  450.548271][ T1336] usb 6-1: Manufacturer: syz
[  450.549705][ T1336] usb 6-1: SerialNumber: syz
[  450.552336][ T1336] usb 6-1: config 0 descriptor??
[  450.555575][T16446] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  450.559710][ T1336] hub 6-1:0.0: bad descriptor, ignoring hub
[  450.561622][ T1336] hub 6-1:0.0: probe with driver hub failed with error -5
[  450.585856][   T40] kauditd_printk_skb: 57 callbacks suppressed
[  450.585868][   T40] audit: type=1326 audit(1756557349.225:5885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16452 comm="syz.2.2698" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf703e579 code=0x0
[  450.625537][ T1022] usb 10-1: device descriptor read/64, error -71
[  450.692753][T16458] No source specified
[  450.729236][ T1022] usb usb10-port1: attempt power cycle
[  450.871443][ T5983] usb 6-1: USB disconnect, device number 20
[  451.061745][ T1022] usb 10-1: new high-speed USB device number 13 using dummy_hcd
[  451.081646][ T1022] usb 10-1: device descriptor read/8, error -71
[  451.103782][T16478] 9pnet_virtio: no channels available for device syz
[  451.319587][ T1022] usb 10-1: new high-speed USB device number 14 using dummy_hcd
[  451.357753][ T1022] usb 10-1: device descriptor read/8, error -71
[  451.464493][ T1022] usb usb10-port1: unable to enumerate USB device
[  451.526836][T16489] overlayfs: missing 'lowerdir'
[  452.918450][T16501] comedi comedi2: comedi_config --init_data is deprecated
[  454.616237][T16547] binder: Bad value for 'max'
[  454.853346][ T1336] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  454.890405][T16563] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(11)
[  454.892500][T16563] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  454.894983][T16563] vhci_hcd vhci_hcd.0: Device attached
[  454.913890][T16563] batadv2: entered allmulticast mode
[  454.917170][T16563] 8021q: adding VLAN 0 to HW filter on device batadv2
[  454.997486][ T1336] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  455.000942][ T1336] usb 6-1: config 0 interface 0 has no altsetting 0
[  455.004911][ T1336] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  455.010855][ T1336] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  455.013555][ T1336] usb 6-1: Product: syz
[  455.015298][ T1336] usb 6-1: Manufacturer: syz
[  455.017274][ T1336] usb 6-1: SerialNumber: syz
[  455.025726][ T1336] usb 6-1: config 0 descriptor??
[  455.029823][ T1336] usb 6-1: selecting invalid altsetting 0
[  455.053052][ T5979] Bluetooth: hci3: command 0x0c1a tx timeout
[  455.139632][ T1022] usb 41-1: new high-speed USB device number 4 using vhci_hcd
[  455.277088][   T34] usb 6-1: USB disconnect, device number 21
[  455.701245][T16564] vhci_hcd: connection reset by peer
[  455.703177][  T216] vhci_hcd: stop threads
[  455.705167][  T216] vhci_hcd: release socket
[  455.707179][  T216] vhci_hcd: disconnect device
[  456.733187][T16585] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2730'.
[  456.872942][T16589] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  456.875555][T16589] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  456.981120][T16599] usb usb8: usbfs: process 16599 (syz.2.2732) did not claim interface 0 before use
[  457.657370][T16609] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2736'.
[  457.660869][T16609] /dev/sg0: Can't lookup blockdev
[  457.717879][T16613] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2738'.
[  457.972764][T16622] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2740'.
[  457.986040][T16622] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2740'.
[  458.000593][T16622] 9pnet_virtio: no channels available for device syz
[  458.014083][T16624] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2741'.
[  458.268093][T16642] exFAT-fs (nbd5): mounting with "discard" option, but the device does not support discard
[  458.272342][T16642] block nbd5: Attempted send on invalid socket
[  458.274686][T16642] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  458.278070][T16642] exFAT-fs (nbd5): unable to read boot sector
[  458.280012][T16642] exFAT-fs (nbd5): failed to read boot sector
[  458.281965][T16642] exFAT-fs (nbd5): failed to recognize exfat type
[  458.519812][T16658] kvm: kvm [16657]: vcpu0, guest rIP: 0xfff0 Unhandled RDMSR(0x40000006)
[  458.796834][ T5979] Bluetooth: hci4: command 0x0c1a tx timeout
[  458.872529][T16676] sctp: [Deprecated]: syz.2.2755 (pid 16676) Use of int in maxseg socket option.
[  458.872529][T16676] Use struct sctp_assoc_value instead
[  458.879580][T16676] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2755'.
[  458.929027][T16680] syzkaller0: entered promiscuous mode
[  458.932072][T16680] syzkaller0: entered allmulticast mode
[  459.130122][T16688] Bluetooth: MGMT ver 1.23
[  459.784013][T16713] siw: device registration error -23
[  459.997208][ T1022] vhci_hcd: vhci_device speed not set
[  460.006800][T14725] BUG: sleeping function called from invalid context at mm/vmalloc.c:3409
[  460.010195][T14725] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 14725, name: syz-executor
[  460.016317][T14725] preempt_count: 1, expected: 0
[  460.018307][T14725] RCU nest depth: 0, expected: 0
[  460.020326][T14725] no locks held by syz-executor/14725.
[  460.022678][T14725] Preemption disabled at:
[  460.022687][T14725] [<ffffffff8b91cf20>] schedule+0xe0/0x3a0
[  460.026552][T14725] CPU: 2 UID: 0 PID: 14725 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  460.026566][T14725] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  460.026573][T14725] Call Trace:
[  460.026578][T14725]  <TASK>
[  460.026583][T14725]  dump_stack_lvl+0x16c/0x1f0
[  460.026600][T14725]  __might_resched+0x3c0/0x5e0
[  460.026612][T14725]  ? __pfx___might_resched+0x10/0x10
[  460.026622][T14725]  ? pcpu_block_update+0x562/0x660
[  460.026640][T14725]  ? find_held_lock+0x2b/0x80
[  460.026652][T14725]  vfree+0x75/0xb50
[  460.026698][T14725]  ? rcu_is_watching+0x12/0xc0
[  460.026710][T14725]  ? kfree+0x24f/0x4d0
[  460.026720][T14725]  ? free_percpu+0x6db/0x13c0
[  460.026733][T14725]  futex_hash_free+0x98/0xc0
[  460.026747][T14725]  __mmdrop+0x33f/0x580
[  460.026760][T14725]  ? rcu_is_watching+0x12/0xc0
[  460.026771][T14725]  finish_task_switch.isra.0+0x7a4/0xc10
[  460.026783][T14725]  ? __switch_to+0x7a5/0x11a0
[  460.026797][T14725]  __schedule+0x1198/0x5de0
[  460.026809][T14725]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  460.026823][T14725]  ? debug_object_activate+0x2ec/0x4c0
[  460.026838][T14725]  ? __lock_acquire+0x62e/0x1ce0
[  460.026855][T14725]  ? __pfx___schedule+0x10/0x10
[  460.026869][T14725]  ? find_held_lock+0x2b/0x80
[  460.026880][T14725]  ? schedule+0x2d7/0x3a0
[  460.026894][T14725]  schedule+0xe7/0x3a0
[  460.026906][T14725]  do_nanosleep+0x21a/0x570
[  460.026919][T14725]  ? __pfx_do_nanosleep+0x10/0x10
[  460.026929][T14725]  ? __asan_memset+0x23/0x50
[  460.026940][T14725]  ? __hrtimer_setup+0x176/0x280
[  460.026957][T14725]  hrtimer_nanosleep+0x155/0x380
[  460.026969][T14725]  ? __pfx_hrtimer_nanosleep+0x10/0x10
[  460.026981][T14725]  ? __pfx_hrtimer_wakeup+0x10/0x10
[  460.026998][T14725]  ? get_old_timespec32+0xda/0x130
[  460.027012][T14725]  ? __pfx_get_old_timespec32+0x10/0x10
[  460.027027][T14725]  common_nsleep+0xa1/0xd0
[  460.027041][T14725]  __ia32_sys_clock_nanosleep_time32+0x33d/0x4f0
[  460.027054][T14725]  ? __pfx___ia32_sys_clock_nanosleep_time32+0x10/0x10
[  460.027067][T14725]  ? rcu_is_watching+0x12/0xc0
[  460.027079][T14725]  __do_fast_syscall_32+0x7c/0x3a0
[  460.027095][T14725]  do_fast_syscall_32+0x32/0x80
[  460.027110][T14725]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  460.027124][T14725] RIP: 0023:0xf703e579
[  460.027133][T14725] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  460.027144][T14725] RSP: 002b:00000000ffff1500 EFLAGS: 00000293 ORIG_RAX: 000000000000010b
[  460.027155][T14725] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000
[  460.027162][T14725] RDX: 00000000ffff1534 RSI: 00000000ffff152c RDI: 00000000ffff1534
[  460.027170][T14725] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  460.027177][T14725] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  460.027183][T14725] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  460.027195][T14725]  </TASK>
[  462.063865][ T5979] Bluetooth: hci3: command 0x0c1a tx timeout
[  464.045273][ T5988] Bluetooth: hci3: command 0x0c1a tx timeout
[  466.026804][ T5988] Bluetooth: hci3: command 0x0c1a tx timeout
[  468.008115][ T5988] Bluetooth: hci3: command 0x0c1a tx timeout

VM DIAGNOSIS:
11:25:59  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000fd0943 RBX=0000000000000000 RCX=ffffffff8b90abf9 RDX=0000000000000000
RSI=ffffffff8de4cac1 RDI=ffffffff8c162d00 RBP=fffffbfff1c52ef8 RSP=ffffffff8e207e08
R8 =0000000000000001 R9 =ffffed1005646655 R10=ffff88802b2332ab R11=0000000000000000
R12=0000000000000000 R13=ffffffff8e2977c0 R14=ffffffff90ab8290 R15=0000000000000000
RIP=ffffffff8b90975f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880974c3000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f540dda4 CR3=000000006830d000 CR4=00352ef0
DR0=0000000000000007 DR1=000000000000000b DR2=0000000000000002 DR3=0000000000000009 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000001 RBX=ffff88802b3332a8 RCX=ffffffff81f0c7e8 RDX=0000000000000000
RSI=ffffffff8c162c80 RDI=ffffffff8df58e68 RBP=0000000000000001 RSP=ffffc90006b775f8
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000
R12=0000000000000000 R13=00000000000001ff R14=ffff88804d9f7c80 R15=dffffc0000000000
RIP=ffffffff81a04ab0 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880975c3000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f53ecda4 CR3=0000000055bf4000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000037 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff85617045 RDI=ffffffff9b0f9700 RBP=ffffffff9b0f96c0 RSP=ffffc900030c73f8
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000
R12=0000000000000000 R13=0000000000000037 R14=ffffffff9b0f96c0 R15=ffffffff85616fe0
RIP=ffffffff8561706f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880976c3000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000568b8448 CR3=000000004d565000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000001a4
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0001000000100008 0000000000000004 000c001a00100000 0014010000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000c000000080004 0020000e00000000 0000000000000000 0acc000000200000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00490000000010de 3cc0000000180000 00200000000e0014
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff6603000000ffff ff5e03000000ffff ff56000003e60000 0008000400000008
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00080000000c0000 00100000001c0000 0028000000340000 00200000004c0000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00280000005c0000 0068000000540000 0078000000840000 0090000000a00000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00b0000000c00000 00d8000000f00000 0104000001140000 0015000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffdc03000000 00000016ffffffd0 03000000ffffff96 07000000ffffff8e
ZMM25=8484689f8484689f 8484689f8484689f 8484689f8484689f 8484689f8484689f 8484689f8484689f 8484689f8484689f 8484689f8484689f 8484689f8484689f
ZMM26=09c1f52f09c1f52f 09c1f52f09c1f52f 09c1f52f09c1f52f 09c1f52f09c1f52f 09c1f52f09c1f52f 09c1f52f09c1f52f 09c1f52f09c1f52f 09c1f52f09c1f52f
ZMM27=0ac4f9350ac4f935 0ac4f9350ac4f935 0ac4f9350ac4f935 0ac4f9350ac4f935 0ac4f9350ac4f935 0ac4f9350ac4f935 0ac4f9350ac4f935 0ac4f9350ac4f935
ZMM28=000000200000001f 0000001e0000001d 0000001c0000001b 0000001a00000019 0000001800000017 0000001600000015 0000001400000013 0000001200000011
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=de110000de110000 de110000de110000 de110000de110000 de110000de110000 de110000de110000 de110000de110000 de110000de110000 de110000de110000
info registers vcpu 3

CPU#3
RAX=00000000009173fb RBX=0000000000000003 RCX=ffffffff8b90abf9 RDX=0000000000000000
RSI=ffffffff8de4cac1 RDI=ffffffff8c162d00 RBP=ffffed1003863000 RSP=ffffc9000048fdf8
R8 =0000000000000001 R9 =ffffed10056a6655 R10=ffff88802b5332ab R11=0000000000000000
R12=0000000000000003 R13=ffff88801c318000 R14=ffffffff90ab8290 R15=0000000000000000
RIP=ffffffff8b90975f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880977c3000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000056ea699c CR3=000000004896f000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5c9f5a593ea1639d 9ce45cc9b21d22eb
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 3485a358dd3d636b e4217473232fe126
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ac740826dd899fe0 163e304f63d25a89
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 85b4d839a3d0811a 99ee381887bfa5e4
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000001c00
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000040
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 17afe55617b3e7f9 9e00000196000001
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000068c817b4196d 0001813617b5038f
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 17b392ef78000001 ac000000eb000001
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ce00000128000001 17b441e0a0000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 69c21367873aa769 8edb69e30128be13
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 315654d91f6dcdf3 822256836ef54838
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=e6678194730722fd 398a7a8fc23e42e1 e6678194730722fd 398a7a8fc23e42e1 e6678194730722fd 398a7a8fc23e42e1 e6678194730722fd 398a7a8fc23e42e1
ZMM18=0ac4f93509c1f52f 8484689f846b9d61 0ac4f93509c1f52f 8484689f846b9d61 0ac4f93509c1f52f 8484689f846b9d61 0ac4f93509c1f52f 8484689f846b9d61
ZMM19=df11000000000000 0000000000000004 df11000000000000 0000000000000003 df11000000000000 0000000000000002 df11000000000000 0000000000000001
ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 840003b403018804 0003b00302040003 ac0302a0040003a8 0300040003a40300
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 020003a203000200 03a0030008000398 0300080003900302 0400038c03600400
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 03880302c8080003 8003038002018003 0180020290030008 000288030fffffff
ZMM24=75bfc44d75bfc44d 75bfc44d75bfc44d 75bfc44d75bfc44d 75bfc44d75bfc44d 75bfc44d75bfc44d 75bfc44d75bfc44d 75bfc44d75bfc44d 75bfc44d75bfc44d
ZMM25=af3e657baf3e657b af3e657baf3e657b af3e657baf3e657b af3e657baf3e657b af3e657baf3e657b af3e657baf3e657b af3e657baf3e657b af3e657baf3e657b
ZMM26=338e6e86338e6e86 338e6e86338e6e86 338e6e86338e6e86 338e6e86338e6e86 338e6e86338e6e86 338e6e86338e6e86 338e6e86338e6e86 338e6e86338e6e86
ZMM27=a9791669a9791669 a9791669a9791669 a9791669a9791669 a9791669a9791669 a9791669a9791669 a9791669a9791669 a9791669a9791669 a9791669a9791669
ZMM28=000000200000001f 0000001e0000001d 0000001c0000001b 0000001a00000019 0000001800000017 0000001600000015 0000001400000013 0000001200000011
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=7b1c00007b1c0000 7b1c00007b1c0000 7b1c00007b1c0000 7b1c00007b1c0000 7b1c00007b1c0000 7b1c00007b1c0000 7b1c00007b1c0000 7b1c00007b1c0000